As unlikely as it sounds, your passwords could be risking the security of your entire business. Here are three ways to improve them.
Even as cyber-attacks grow in sophistication and businesses worldwide invest in bigger and better cyber defences, there’s one area where end-users predictably let the side down: password security.
According to a 2016 report, 10% of people use at least one of the 25 most commonly used (and therefore easiest to crack) passwords worldwide, and 4% of people set their password as “123456”. This has grave implications for SMEs in sectors like law and private equity, where users may not be savvy enough to understand the risks associated with poor password security but use their laptops and email accounts to store a huge amount of sensitive and valuable data.
So how can you improve your firm’s password security? We outline three ways below.
1. Promote better passwords
It sounds counter-intuitive, but a complex password with random numbers and casing isn’t as good as a much simpler – but lengthy – one. It’s more secure (and easier to remember) to string together an obscure set of words than use an obvious phrase with awkward casing and numerical substitutions. A good example provided by LastPass is “correct horse battery staple”.
And, if special characters are a requirement, don’t put them all in the same place – space them out in between letters, and avoid putting them in predictable areas like at the start or the end of the password.
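To put numbers behind the length-over-complexity advice above (and the "123456" point from the introduction), here is an added example, not code from the original post: it compares the search space of a uniformly random character password with that of a random word passphrase, and applies a minimal policy check. The wordlist sizes, the short common-password denylist and the guess rate are assumptions for illustration.

```python
import math

# Constructed stand-in for the "25 most common passwords" list the post cites.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678", "abc123"}

def random_password_bits(length: int, alphabet_size: int) -> float:
    """Entropy (bits) of a password of `length` characters chosen uniformly
    at random from an alphabet of `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)

def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy (bits) of a passphrase of `word_count` words, each drawn
    uniformly at random from a list of `wordlist_size` words."""
    return word_count * math.log2(wordlist_size)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case years to try every candidate at the given offline guess rate."""
    return 2 ** bits / guesses_per_second / (60 * 60 * 24 * 365)

def check_policy(password: str, min_length: int = 16) -> list:
    """Return policy findings for a candidate password; an empty list means it passes.
    Only two checks are modelled here: a denylist and a minimum length."""
    findings = []
    if password.lower() in COMMON_PASSWORDS:
        findings.append("on the common-password denylist")
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    return findings

if __name__ == "__main__":
    rate = 1e10  # assumed guesses/second for a fast, unsalted hash on GPU hardware
    cases = [
        ("8 random printable ASCII chars", random_password_bits(8, 94)),
        ("4 random words, 2048-word list", passphrase_bits(4, 2048)),
        ("5 random words, 7776-word list", passphrase_bits(5, 7776)),
        ("6 random words, 7776-word list", passphrase_bits(6, 7776)),
    ]
    for label, bits in cases:
        print(f"{label:34s} {bits:6.1f} bits  ~{years_to_exhaust(bits, rate):.2e} years")
    for candidate in ("123456", "correct horse battery staple"):
        print(candidate, "->", check_policy(candidate) or "passes")
```

The entropy figures only hold when words or characters are chosen at random; a passphrase assembled from a favourite quotation is far weaker than the word count suggests.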
2. Get users to avoid password reuse
As Wired puts it, you should “never double-dip” – that is, don’t use the same password for multiple websites and accounts. This dubious practice has become so common that it’s given rise to its own kind of cyber-attack – the “password reuse attack”, where hackers take username and password pairs stolen in previous data breaches (like the 2014 eBay cyber attack) and use them to break into the same people’s accounts on other online services.
Obviously, you can’t enforce unique passwords in the workplace any more than you can ensure every employee writes the best possible password (and avoids the likes of “123456”). However, staff training sessions and resources can help educate employees about the risks surrounding poor password security, and put the responsibility for improving it in their own hands.
Find out more in our free guide, Fixing the weakest link in IT security: How to address the workforce behaviours putting your business at risk.
3. Use multi-factor authentication
Finally, consider switching up your approach. Your password shouldn’t be your only defence against a data breach, but one of many measures you use to prevent unauthorised access to your devices, servers and resources.
Multi-factor authentication is an approach where the user needs to present two or more items of evidence that they are who they say they are – usually something they know (such as a password), something they have (such as a key or mobile phone on which they can receive a one-time passcode) and something they are (meaning biometric authentication like a fingerprint scan).
For complete protection against data breaches, including malware and more sophisticated social engineering attacks, you’ll need more than a strong password. In our guide, we outline further security risks and how your business can beat them.