The cyber threat environment in which we now live increasingly requires attention to some cyber “hygiene” basics. Much like personal hygiene, cyber hygiene involves steps that business owners and employees must take in order to maintain the health of an organization. For a long time, good usernames and passwords might have been sufficient for effective cybersecurity. However, in our threat environment, basic passwords are no longer sufficient to protect your business.

To illustrate, consider the password trends of the past two decades, which suggested combinations of uppercase and lowercase letters, numbers, and symbols. Many of us absorbed these suggestions, and we still interact with them regularly when conducting e-commerce or registering for various accounts. Unfortunately, these password trends are proving insufficient for effective cybersecurity. In fact, even the author of the 2003 NIST publication related to these password trends says he now regrets these suggestions. Primarily, the failure of these suggestions lies not with the password, but with user habits. People tend to use passwords that are easy to guess, or use the same password across multiple systems. Expert cybercriminals are increasingly able to harvest user credentials through techniques such as social engineering attacks or keylogging.

To drive home the issue of user password habits, consider the results of a survey commissioned by Forbes Advisor. The numbers are a fascinating glance at users’ own perceptions of security breaches of their personal accounts. Nearly 2 out of 3 victims identified a password breach as the source of their issue. A bit over half of those admitted the likely culprit was a weak password, while a bit under half identified a repeatedly used password as the problem (which, of course, increased the risk of multiple accounts being hacked).

While you may consider this irrelevant since these are users’ personal emails and social media accounts, remember that your employees are likely bringing the same habits to their workplace passwords. In fact, the Forbes study found that over half of users used the same password for three or more accounts. In addition, nearly 1 in 5 users created passwords using variations of previous passwords, while another 42% used words and numbers that were personally significant to them. All of these practices should give business owners pause, considering the serious risk posed by password compromise.

But it’s not just employees slacking off on password management. One survey suggests that senior managers are willing to share passwords in order to delegate tasks, a practice as risky as the others already mentioned.

It is vital that business owners use and implement effective password management within their organization. Part of this effort will require employee training, considering that 81% of Americans say they don’t see the need for best practice security measures. But that user hesitation or even frustration must be overcome. Simply put, the risk of a security breach is too great to allow sloppy password practices, but various tactics can be implemented to reduce this risk. We’ll break down a few of these tactics in an upcoming blog post!