Last week, we discussed the importance of employee education and awareness to help minimize your organization’s cyber security risks. This week’s article in our National Cyber Security Awareness Month Series will focus on another major security risk for businesses – PASSWORDS. Password security is oftentimes forgotten, leaving organizations open to attacks.
Hackers hijack or crack passwords to steal identities, access sensitive data and infect your systems with ransomware or viruses. In fact, cracked or stolen passwords are to blame in 81% of hacking-related breaches.
Having a hard-to-crack password is the first line of defense against data breaches. But even with all the widely known risks of weak passwords, people still use the most common offenders. According to SplashData, the top 5 worst passwords of 2017 were:
123456
password
12345678
qwerty
12345
Businesses need to implement good password policies so employees don’t leave the organization susceptible to cyber attacks. Below is a list of DOs and DON’Ts to consider.
Do | Don’t
--- | ---
Use passphrases | Use dictionary words
Use a mix of upper and lowercase letters, numbers and symbols | Use personal info like names, birthdays, addresses or phone numbers
Have at least 8 characters | Use the same password for more than 90 days
Use a different password for every account | Share your passwords with coworkers
Use a password management application | Store passwords in unprotected digital documents or written down in plain sight
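As an added example (not code from the article or from Texas Systems Group), here is a small Python check that applies the table's rules to a candidate password. The five worst passwords come from the list above; the dictionary word list is a constructed stand-in for a real one, and the personal-info strings are whatever the caller supplies.

```python
import re
import string

# Rules taken from the DO/DON'T table; MIN_LENGTH matches "at least 8 characters".
MIN_LENGTH = 8
WORST_2017 = {"123456", "password", "12345678", "qwerty", "12345"}  # SplashData top 5
# Constructed stand-in for a real dictionary file.
DICTIONARY = {"password", "welcome", "summer", "dragon", "monkey", "football"}


def is_passphrase(pw):
    """Several words separated by spaces/hyphens/underscores, 16+ characters overall."""
    words = [w for w in re.split(r"[\s\-_]+", pw) if w]
    return len(words) >= 4 and len(pw) >= 16


def check_password(pw, personal_info=()):
    """Return the list of rules a candidate password breaks ([] means it passes).

    personal_info: names, birthdays, phone numbers etc. that must not appear.
    """
    problems = []
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if lowered in WORST_2017:
        problems.append("one of the most common passwords")
    # A single dictionary word, optionally with trailing digits ("dragon99").
    if lowered.rstrip(string.digits) in DICTIONARY:
        problems.append("a dictionary word")
    classes = (
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    )
    # A long multi-word passphrase is accepted without all four classes.
    if not all(classes) and not is_passphrase(pw):
        problems.append("no mix of upper, lower, digits and symbols")
    for info in personal_info:
        info_digits = re.sub(r"\D", "", info)          # "1990-04-12" -> "19900412"
        hit = len(info) >= 3 and info.lower() in lowered
        # Any run of 4+ digits in the password that also appears in the info (e.g. a birth year).
        hit = hit or any(run in info_digits for run in re.findall(r"\d{4,}", pw))
        if hit:
            problems.append("contains personal info: %s" % info)
    return problems


if __name__ == "__main__":
    for candidate in ("password", "Dragon99", "Tx2018!!", "coffee-river-stone-lamp", "Alice1990"):
        print(candidate, "->", check_password(candidate, ["Alice", "1990-04-12"]) or "OK")
```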
Two-Factor Authentication (2FA) adds another layer of password protection by making users go through an additional step before being able to log in. This provides another form of evidence that you are who you say you are, typically by entering a security code or PIN that is sent to you via email, mobile text message or phone call. 2FA makes it harder for attackers to log in to your account because they would also need access to your email account or another device to obtain the code. The security codes are usually only valid for a short amount of time and can only be used once.
Even with strong passwords and multiple forms of verification, organizations can still be at risk. When employees resign or are terminated, it is best to deactivate their user accounts and disable any access they may have to the network (including wireless) right away. This helps safeguard your business against disgruntled former employees who may be looking for vengeance.
If you use an external IT Service Provider to support your business, another thing to consider is what their password policies are. Does the provider use the same administrator username and password for all of their clients? Does the administrator account password get changed when their technicians leave? Do they store any passwords pertaining to your business in a password management system or secure file?
Texas Systems Group has multiple safeguards in place to protect our BrightStar Managed Service clients’ passwords. Two-factor authentication, a password management system and tight security policies ensure that your passwords are secure and help deflect cybercriminals from hacking your user accounts. To find out more information, contact us.