Password Security - What’s at Stake?

Nov 2021

Did you know? – According to a Verizon Data Breach Investigations Report, as many as 81% of data breaches were the result of weak or stolen passwords. Given that more than 5 billion passwords have been leaked, password protection alone is no longer a big enough deterrent to cyber-criminals.

Why is that?

Passwords remain the most basic security measure for any business and its users, but the increasingly complex requirements for creating them are creating new challenges for businesses of all sizes as they look to use and manage them safely.

As we’re sure you know, nearly everything these days has a password and, as passwords become increasingly complex, they are becoming harder to remember. When things become hard to remember, we write them down and store them in a safe place – usually with another password!

However, this is something that cyber-criminals are aware of and actively look for, especially in small and medium businesses.

Small and medium businesses are a sweet spot for cyber-criminals: they hold more valuable data than a consumer would, but because of smaller security budgets they are a lot more vulnerable to attacks than larger enterprises.

This problem is then amplified by the growing number of businesses which are incorporating ‘smart’ devices into their IT infrastructure – see…more passwords!

While these devices are designed to help make business operations faster and smoother, they are often vulnerable to cyber-attacks and run with a publicly available default admin username and password. This poses a risk that can lead to harmful consequences for the business.

This is why implementing additional security solutions, such as multi-factor authentication (MFA), is essential in providing added strength to password access.

  1. Implement effective password policies which employees should follow – making sure that your employees’ passwords are strong is the first, and easiest, step to take. Your policies should be clear on the benefits of adding complex requirements to your passwords, including upper- and lower-case characters, numbers and symbols. Passwords should also be unique to each user and each device, and your policies must set the precedent for this.
  2. Train users on how to create strong passwords – even after implementing effective strategies, many users will continue to reuse passwords from other accounts. Although they may be slightly varied (adding dates and numbers is the most common), it won’t be enough. Once a cyber-criminal has enough private information on a user, guessing passwords becomes child’s play. Training users to create more complex passwords, use different passwords and regularly change passwords, instead of just varying them, is a must.
  3. Your IT department, whether internal or external, should implement rules when setting and enforcing company password policy – the National Cyber Security Centre recently updated their guidelines for password security. They revealed that requiring users to have long and complex passwords is better than having rules in place for users to change their passwords every so often. Rules such as requiring more than a certain number of characters and a mix of symbols, numbers and upper- and lower-case characters are also common practice which every business should have implemented.
  4. To further protect data, make sure you have multi-factor authentication set up wherever you can – multi-factor authentication is a must for all businesses these days. It can help protect your business from being caught out by poor password policies. When someone attempts to log in to an account, a notification is sent to the user’s phone or email address with a code for them to enter to get access to the system. Affinity can help you set up multi-factor authentication to add an extra level of security for your company.

 23.3 Million Victims of Password hacking used

Affinity IT can help you make your business more secure, as we can help implement multi-factor authentication as well as a host of other security measures to make sure you don’t get caught out.

Get in touch with us today to see how we can keep your business doing what it does best.
