Human error plays several roles in data breaches and cyber attacks. In this article, we focus on password mistakes, one of the most common areas where we fall short in protecting ourselves and our organizations. The top 5 password mistakes your employees are making, and how to fix them, are highlighted below:
Number 1: Using Weak Passwords
Weak passwords follow common patterns that can be easily guessed, making them susceptible to hacking. They can be common words or phrases, names or birthdays, or easy sequences.
A study reveals that the most common password is 123456.
When your employees use weak passwords, it risks not only their personal information but also your company's sensitive data and systems.
Solution:
To prevent employees from using weak passwords:
- Enforce password strength criteria that require a mix of uppercase and lowercase letters, numbers and special characters.
- Use a password manager to generate and store unique passwords.
Number 2: Reusing Passwords
According to a survey, at least 65% of people reuse passwords across multiple sites. When your employees reuse passwords across multiple accounts it may seem like an easy way to manage multiple login credentials. However, reusing passwords means that if one account is compromised, all accounts using the same password are vulnerable to attack.
Solution:
The following can dissuade employees from reusing passwords:
- Encourage the use of unique passwords for every account.
- Use advanced security systems, tools, and software that can detect and flag password reuse.
- Use password managers to generate and store unique, complex passwords for each account.
Number 3: Sharing Passwords
When your employees share passwords with colleagues or friends, it's like giving them access to the company's sensitive information. 69% of employees share passwords with colleagues. Imagine one of your employees shares their password with a friend who needs temporary access to a company system, but the friend writes it down and leaves it in a public place, where it can be easily found.
Solution:
Here are practical ways to prevent this:
- Establish clear password sharing policies: Make sure your employees know that sharing passwords is a big no-no.
- Use secure collaboration tools: Encourage your employees to use tools like password-protected documents or collaboration software that doesn't require sharing passwords.
Number 4: Not Updating Passwords
Failing to update passwords after you’ve experienced a breach, or when there is evidence of one, is a common mistake that can leave your company's sensitive information vulnerable to attacks. You can tell that your password was involved in a breach when you get a message from Google about it or if your credential appears on “Have I Been Pwned”. Failure to update these passwords exposes your organization to a variety of cyberthreats.
If an employee's password is compromised in a data breach or phishing attack, and they don't update their password, the attacker can continue to access your company's systems and data.
Solution:
To keep your organization secure from external threats:
- Implement a policy requiring employees to promptly update passwords that have been involved in a breach.
- Use password management tools: Consider using password management software that can help employees generate and remember strong passwords.
Number 5: Using Public Computers or Public Wi-Fi
Using public computers or Wi-Fi to access company accounts or sensitive information can be a security risk. Public computers may be infected with malware or keyloggers, which can capture login credentials and sensitive information. They can also be insecure, allowing hackers to intercept data transmitted over the network.
Solution:
Your organisation can stay protected with the following measures:
- Avoid using public computers or public Wi-Fi for company business: Encourage employees to use company-issued devices and secure networks to access company information.
- Use virtual private networks (VPNs): Consider using VPNs to encrypt data transmitted over public Wi-Fi networks.
- Implement two-factor authentication: Require employees to use two-factor authentication, such as a password and a fingerprint or smart card, to access company accounts and sensitive information.
Learning about the top 5 password mistakes and fixing them can help keep your company safe from cyber attacks and data breaches. The most important thing is to teach employees about password security and give them the tools to manage passwords well. This way, employees can be the first to defend against these threats.
Take the first step in protecting your company - contact us at Cyberkach for expert cyber training and support. For more resources and materials on cybersecurity and awareness, kindly subscribe to the Cyberkach blog.