With the ongoing rise of data breaches and the number of people working from home, it is more important than ever for businesses to ensure that their online accounts are secure.
In this article, we have provided need-to-know information about password security, including tips on how you can maximise your protection against cybercriminals.
Why is password security important?
Verizon’s 2020 Data Breach Investigation Report revealed that compromised passwords were responsible for 80% of data breaches in 2019.
On gaining access to a user’s account, hackers will be able to use their information to gain access to further accounts and steal personally identifiable information (PII), such as names, addresses and bank account details, invading an individual’s privacy and putting them at risk of money and identity theft.
Hacking user accounts can also give cybercriminals the upper hand when it comes to creating reputation-damaging smear campaigns, exposing confidential information to competitors or even holding it to ransom for financial gain!
The impact of stolen passwords on businesses
According to IBM, the average cost of data breaches for businesses in 2020 was in the region of $3.68 million (approx. £2.74 million). In addition to this, they also reported that it took companies worldwide an average of 280 days to discover and contain these breaches(!)
A study from the University of Carolina’s Kenan Flagler Business School also revealed that breaches made through stolen credentials can reduce a company’s overall market value by up to 3% in the long term.
As a result of a data breach, companies and individuals may also encounter financial loss and may find it more challenging to qualify for loans or find jobs in the future.
How to check if your password has been stolen
Some password management apps alert users when their passwords have been leaked. There are also sites where you can enter email addresses or phone numbers to find out whether any of your passwords have been compromised.
One of the most popular sources to use for these checks is HaveIBeenPwned, a large online database that is regularly populated with the latest reported breaches. This is popular with many businesses due to its ability to bulk check breaches at domain level, making it ideal for medium/large organisations that have many employees, and therefore, many user accounts.
Password security tips
Wondering how to create a secure password or what the best ways are to store passwords for optimum security? We’ve provided some tips to avoid weak passwords and keep your accounts secure.
1. Follow password best practices
Several different elements need to be adhered to when it comes to password creation:
- Passwords need to be unique for each account and should be 16 characters or more in length
- They should also include a combination of letters, numbers and characters
- Passwords should not include any personal information that is easily accessible on the internet, such as a pet or child’s name, address details or phone number.
- Passwords should not include any consecutive letters or numbers
- There should be no letter or number repetition. All characters, letters and numbers should be unique within a single password.
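The rules listed above can be checked mechanically. The Python function below is an added example, not part of the original article; the `personal_terms` and `passwords_in_use` inputs and the reading of "consecutive" as neighbouring characters one step apart are assumptions.

```python
import string

MIN_LENGTH = 16  # the article's minimum length


def check_password(password, personal_terms=(), passwords_in_use=()):
    """Return the article's rules that `password` breaks (empty list = pass)."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    # passwords_in_use is a hypothetical input, e.g. entries from a vault.
    if password in passwords_in_use:
        problems.append("already used on another account")

    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    if not (has_letter and has_digit and has_symbol):
        problems.append("needs letters, numbers and symbols")

    # personal_terms (hypothetical input): names, addresses, phone numbers.
    # Compared without case, spaces or hyphens.
    squeezed = lowered.replace(" ", "").replace("-", "")
    for term in personal_terms:
        needle = term.lower().replace(" ", "").replace("-", "")
        if needle and needle in squeezed:
            problems.append("contains personal information")
            break

    # Assumed reading of "consecutive": neighbours one step apart in the
    # alphabet or in 0-9, ascending or descending ("ab", "ba", "45", "54").
    for a, b in zip(lowered, lowered[1:]):
        same_class = (a.isalpha() and b.isalpha()) or (a.isdigit() and b.isdigit())
        if same_class and abs(ord(a) - ord(b)) == 1:
            problems.append("contains consecutive letters or numbers")
            break

    # Assumed reading of "no repetition": case-insensitive, so "a" and "A" clash.
    if len(set(lowered)) != len(lowered):
        problems.append("repeats a character")

    return problems
```

Called with a constructed password such as `"Rex2015!Rex2015!"` and `personal_terms=("Rex",)`, the function reports the personal-information, consecutive-character and repetition rules as broken even though the length and character-mix rules pass.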
2. Use a Password Manager
Not only are password managers highly secure but they also provide an effective way of keeping all password details in one, accessible place across multiple devices.
Many of these applications also highlight password repetition and have a built-in password security checker and secure password generator functionality.
As long as your password vault’s master password adheres to the password best practices, there is little chance of malicious hackers being able to access all of your password data.
3. Use a Password Book (with caution)
For those who are less tech-savvy, a password book – a notepad containing all account passwords – is still an acceptable storage method, provided that the notepad does not leave the premises and is stored in a secure, lockable location.
However, for those who are frequently travelling for work, a password manager is a much safer option.
4. Update passwords when employees leave your business
Although ex-employees may be trustworthy, you can never be 100% certain that they will not use confidential information or business documentation to their advantage for future endeavours. With this in mind, company passwords must be updated as and when employees leave to prevent accounts from being compromised.
This is just one instance where a password manager is beneficial for businesses. Enterprise-level plans will typically enable organisations to change account credentials at scale with minimal fuss.
When passwords are changed, these will be automatically updated ready for staff to use. This is particularly useful for businesses that are reliant on online applications for their day-to-day running.
5. Implement two-factor authentication
Two-factor authentication, also known as two-step or multi-factor authentication, keeps an account inaccessible unless a correct password is entered along with another form of account authentication.
Additional authentication methods vary between different online accounts, but can be in the form of:
- Text messages providing a one-time passcode
- A push notification to a mobile phone
- Using a dedicated security key
- An authentication app
At CyberCrowd, we offer a range of data protection services to maximise your business’ online security and prevent unauthorised access to your company’s sensitive data. To find out how we can help you to boost your organisation’s security, contact the team today.