Mere minutes. That’s how long it takes the majority (93%) of small business hackers to compromise a system. Despite ongoing conversation about avoiding weak credentials, the vast majority of businesses still use easily hackable passwords. According to Verizon’s 2017 Data Breach Investigations Report, 81% of hacking-related business system breaches involved stolen and/or weak passwords. With 25% of perpetrators identified as insiders and 63% of small business hackers taking advantage of weak passwords, businesses need to take more serious action toward strong password security. To get your business started, Litzia has identified a list of 5 important tips to strengthen workplace password security:

1. Avoid easy-to-guess passwords: according to SplashData, people continue to use easy-to-guess passwords. The organization estimates almost 10% of people have used at least one of the 25 worst passwords and nearly 3% used the worst (cue the drumroll): “123456”. The list is worth reviewing, as your password may not be as unique and strong as you think. For example, 2017’s newest addition to the list is “starwars”.

2. Never share credentials: one in five employees share their email password with co-workers. With 25% of password theft committed internally, such activity is especially risky to business security.

3. Complexity is key: pick challenging passwords that include a combination of random letters (upper and lower case), numbers and special characters (e.g. $, % and &). Your password should also be at least 12 characters long. The fewer patterns or identifiable words it contains, the less likely a hacker can compromise the account.

4. Stop reusing passwords: when a strong password passes a security test, it is tempting to use that password repeatedly across accounts. While 91% of people understand that using the same password for multiple accounts is a security risk, 59% mostly or always use the same password. The rule especially applies to password usage between the home and office. At Dropbox, one employee’s re-used password obtained through a LinkedIn breach resulted in theft of more than 60 million account credentials. Moreover, using unique passwords ensures that there isn’t a domino effect if one platform’s credentials are compromised.

5. Multi-Factor Authentication (MFA): MFA requires the correct completion of two or more security factors before granting account access and can be deployed in various forms: knowledge (something you know, like a security question), possession (something you have, like a code issued via SMS) or inherence (something you are, like a fingerprint). According to LastPass’s 2018 Global Password Security Report, 45% of businesses are now using multi-factor authentication, up from 24% last year. This is no wonder, as adding another log-in step ensures that, should your password somehow be compromised, the attacker won’t be able to hack your account.
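
Tips 1 and 3 expressed as an automated check, added here as an example (not Litzia's code): it flags passwords that match or contain a deny-list entry, are shorter than 12 characters, lack one of the four character classes, or contain a sequential or repeated run. The function names, the four-character run threshold and the two-entry deny list (only the passwords named above) are assumptions for illustration.

```python
import string

# Constructed deny list: only the two entries the article names; a real
# deployment would load a full common-password list from a file.
DENYLIST = {"123456", "starwars"}
MIN_LENGTH = 12  # minimum length from tip 3


def has_run(password, run=4):
    """True if `run` consecutive characters ascend, descend or repeat (abcd, 4321, aaaa)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}, {0}):
            return True
    return False


def check_password(password):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    if lowered in DENYLIST:
        problems.append("on the common-password list")
    elif any(word in lowered for word in DENYLIST):
        problems.append("contains a common password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "digit": string.digits,
        "special character": string.punctuation,
    }
    for name, alphabet in classes.items():
        if not any(c in alphabet for c in password):
            problems.append(f"missing a {name}")
    if has_run(password):
        problems.append("contains a sequential or repeated run")
    return problems
```

A password that meets every rule can still be weak if it is reused elsewhere (tip 4), which a local check like this cannot see.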

With increased access to exploits and tools and a dark web market for buying and sharing stolen credentials, passwords must be treated as the first line of defense against a business network breach. By implementing the above guidelines, your business can minimize the risk of account compromise and ensure your business’ information is protected.

 

For more information, please visit Litzia’s Network Security webpage.