There was a time when passwords, antivirus software, and firewalls were enough to keep businesses and users safe from cyberattacks. But now that data breaches and phishing attacks are a daily occurrence, implementing multilayered cybersecurity measures and best practices, including security awareness training, data backup, spam protection, encryption, penetration testing, and vulnerability assessment, is more important than ever.
Although still essential, passwords have become an Achilles’ heel for many organizations, a vulnerability that actually makes it easier for hackers to break into a system.
Why have passwords become unsafe?
Employees use the same password for everything. In a survey called “Psychology of Passwords: Neglect is Helping Hackers Win”, 59% of the respondents were using the same password for multiple accounts despite being aware of the risks. Password reuse makes it easier to carry out “credential stuffing,” whereby hackers take a password from one breached site and try to log in to the user’s other online accounts.
Around 61% of respondents used the same password for multiple sites because they feared they would forget their login credentials. This risky practice can harm a business in many ways, chief among them the huge costs it can incur. Companies have spent an average of $879,582 after a cyberattack, with 60% of small companies going out of business within six months of the attack.
The survey also found that the same passwords are used for workplace and personal accounts. Some users even treat work and personal accounts with the same indifference, using one password for work intranets, email, financial accounts, social media, and everything else.
Breaches don’t scare them. Small businesses must be more proactive in managing passwords, as a large percentage of employees don’t seem concerned about breaches. According to the same survey, 53% of users wouldn’t consider updating their passwords even if news of a breach was prominent in the media, while 55% still wouldn’t change their login credentials even if their accounts got hacked.
People don’t think hackers would target them. 38% of the respondents believe that their accounts aren’t valuable enough to be hacked. The truth is that hackers don’t discriminate and will try to profit from any data they can gather. In fact, they could sell a single patient medical record for at least $1,000 on the dark web.
Small businesses make attractive targets for hackers precisely because of the carelessness with which individual users mix their workplace and personal accounts, making them potential entryways into their organizations’ larger pools of data.
Password management comes down to a spreadsheet. Many of the survey respondents confessed to keeping passwords in a single file, like a spreadsheet on a mobile device. If you’re a small business managing the passwords of 50 to 150 employees, using spreadsheets to keep track of passwords is an invitation to disaster.
How should I manage my passwords?
One “nearly perfect” solution is to use a password manager, an application that’s like a password ledger protected by a master key accessible only by authorized individuals. It not only stores passwords but also generates new passwords and remembers them for the user.
A password manager allows organizations to generate strong, unique passwords for websites that require users to create login credentials, keeping each one different from other sites and applications and circumventing hackers’ attempts at credential stuffing. Moreover, it conveniently stores credentials behind the password manager’s own security protocols, so that users don’t have to remember numerous passwords — each one a mix of uppercase and lowercase letters, numbers, symbols, and special characters.
What’s more, it automatically fills in passwords, eliminating the need for users to manually type them in. This protects your organization from eavesdroppers who may deliberately or inadvertently spy on your users as they work in a public place. Often, a password manager will have encrypted sync across devices. This allows users to safely share passwords across their devices, including when they start using a new device.
And unlike the typical hashing that organizations use to scramble passwords entered into login fields, password managers use strong algorithms that make it difficult for hackers to reverse the hashing and reveal passwords.
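To make the reuse problem and the "unique password per site" remedy described above concrete, here is an added example (not code from this article or from any particular password manager). It audits a constructed credential list for passwords shared across accounts, then replaces each reused one with a freshly generated password that mixes uppercase, lowercase, digits, and symbols; the account names, sample passwords, symbol set, and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*()-_=+"
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS)

def generate_password(length=20):
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    chars = [secrets.choice(c) for c in CLASSES]  # one guaranteed per class
    chars += [secrets.choice("".join(CLASSES)) for _ in range(length - len(CLASSES))]
    secrets.SystemRandom().shuffle(chars)  # hide where the guaranteed ones sit
    return "".join(chars)

def find_reuse(entries):
    """Return sorted groups of accounts that share a password.
    Passwords are compared through HMAC digests under a throwaway key, so the
    audit result never contains or prints the plaintext values.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for account, password in entries:
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[digest].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def rotate_reused(entries):
    """Give every account found in a reuse group its own fresh password."""
    reused = {a for group in find_reuse(entries) for a in group}
    return [(a, generate_password() if a in reused else p) for a, p in entries]

# Constructed sample: account names and passwords are made up for this example.
SAMPLE = [
    ("work-intranet", "Summer2019!"),
    ("work-email", "Summer2019!"),
    ("personal-bank", "Summer2019!"),
    ("social-media", "kittens123"),
    ("online-store", "kittens123"),
    ("payroll", "x7#Lq92!vTz0pW"),
]

if __name__ == "__main__":
    for group in find_reuse(SAMPLE):
        print("same password on:", ", ".join(group))
    print("reuse after rotation:", find_reuse(rotate_reused(SAMPLE)))
```

After rotation, a password leaked from one of these accounts no longer opens any of the others, which is what defeats credential stuffing.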
Protect your business from password theft with state-of-the-art and affordable measures, such as password managers and email/spam protection. Want to learn more about security measures that keep your systems and data safe? Talk to us today.