Lots of businesses tell us that they aren’t concerned about cyber security or using a password management system because they’ve never had a ransomware attack or experienced a data breach. These misconceptions led us to create our free password management guide.
Why take password hygiene seriously?
Former executive chairman of IBM, Ginni Rometty, said cybercrime is “the greatest threat to every profession, every industry, every company in the world.” Former FBI director James Comey stated, “There are two kinds of companies in the United States: There are those who’ve been hacked … and those who don’t know they’ve been hacked.”
Any discussion of cyberattacks should start from the assumption that every company, no matter its size, will eventually be affected. Businesses need to make a focused, conscious effort to make cyber security a top priority and to secure their company, employees and clients.
How Easy Is It to Access Your Personal Data?
Weak passwords are the most popular method of entry for cybercriminals, yet a significant number of people still don’t follow good password hygiene practices.
Here’s the good news: You can strengthen your cyber security by following these best practices.
Cybercriminals can figure out weak passwords in a matter of seconds using automated tools. Alex Balan, director of security research at security company Bitdefender, says, “A hacker needs roughly two seconds to crack an 11-character password made up of numbers.”
If your password is more complex, with alternating numbers, symbols and uppercase and lowercase letters, the time needed to determine your password jumps to 400 years.
However, there’s a problem associated with creating complex passwords. Keeping track of multiple passwords makes people create easy-to-remember (and easy-to-guess) passwords.
A GitHub page for OWASP’s SecLists project reveals that the top five most popular passwords across the globe are:
- 123456
- Password
- 12345678
- qwerty
- 123456789
Equally concerning were Google’s findings that almost a quarter (24 percent) of Americans have used some variation of the following weak passwords:
- abc123
- Password
- 123456
- Iloveyou
- 111111
- Qwerty
- Admin
- Welcome
If your password is one of these, it’s a good sign you should change it immediately.
You Can’t Put Security on the Back Burner
It is your responsibility to keep your business safe. Becoming aware of your security risks is critical, because ransomware, data breaches and other attacks are not “what ifs”; they happen with increasing frequency and impact.
You must understand how proper password hygiene practices help protect you, and what responsibilities you need to take on to ensure your company is secure.
Password Management Guide: Strong Passwords and How to Build Them
Experts agree that a strong password should be unique and contain a combination of letters, numbers and special characters. While password complexity helps in the long run, length matters much more. As cyber security experts, we recommend a minimum of 12 characters, and more if possible.
Keep in mind: A 12-character password takes 62 trillion times longer to crack than a six-character password.
If a computer could crack a six-character password in one second, it would still take more than two million years to crack a 12-character password.
Here are some more tips from our cyber security team:
- Longer is better. Ensure each password is unique and not easily guessable.
- Sign up for data breach notifications. While the relevant company should tell you if your data has been exposed, signing up for a service like Have I Been Pwned? will increase your chances of hearing about a data breach before it’s too late.
- Never reuse the same or similar passwords. Use a different strong password for every account.
- Don’t write passwords down in the office. Whether it’s on a sticky note, in a notebook or a file on your computer, writing down passwords is simply bad for security.
- Change your password after a data breach. If you discover your information has been breached, you should change your password right away and check that there has been no unusual activity on the account.
- Watch out for phishing emails and sites. These use social engineering to steal personal information such as account credentials and banking information.
- Monitor your accounts. Check your online accounts regularly for any suspicious activity.
- It’s best to use a “passphrase” that is long but easy to remember, easy to type and hard to guess. Pick something that only you would know. For example, the phrase “I Love Pizza with Onions!” becomes “IL0v3Pizz@with0ni0ns!” Easy to remember, easy to type, hard to guess and, at 21 characters, VERY difficult to crack.
- Use multi-factor authentication (MFA). In a 2019 blog post, Microsoft manager Alex Weinert stated, “Based on our studies, your account is more than 99.9 percent less likely to be compromised if you use MFA.”
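The weak-password lists and the 12-character minimum above can be enforced whenever a password is set. The following is an added example, not part of the original guide: it rejects candidates that are too short or that are a variation (case changes, look-alike characters, appended digits or symbols) of a password named on this page. The function names, the substitution table and the sample candidates are assumptions made for illustration.

```python
import unicodedata

# Weak passwords named on this page (SecLists top five plus the Google survey list).
WEAK_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "123456789",
    "abc123", "iloveyou", "111111", "admin", "welcome",
}
MIN_LENGTH = 12  # minimum length recommended on this page

# Assumed look-alike substitutions; "1" and "!" can stand for either "i" or "l".
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
LEET_TABLES = [
    str.maketrans({**_BASE, "1": "i", "!": "i"}),
    str.maketrans({**_BASE, "1": "l", "!": "l"}),
]
PADDING = "0123456789!@#$%^&*?._- "  # characters commonly appended or prepended


def variants(candidate: str) -> set[str]:
    """Return normalised forms of a candidate to compare against the denylist."""
    folded = unicodedata.normalize("NFKC", candidate).casefold()
    forms = {folded, folded.strip(PADDING)}
    for table in LEET_TABLES:
        forms |= {form.translate(table) for form in forms}
    return forms


def check_password(candidate: str) -> list[str]:
    """Return the reasons for rejection; an empty list means the candidate passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if variants(candidate) & WEAK_PASSWORDS:
        problems.append("variation of a commonly used password")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not taken from any real breach data.
    for sample in ["Password", "P@ssw0rd2024!", "Welcome12345", "IL0v3Pizz@with0ni0ns!"]:
        print(f"{sample!r}: {check_password(sample) or 'accepted'}")
```

The ten-entry denylist only mirrors the passwords this page names; a deployed check would load a much larger list, such as the SecLists files cited above.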
What Else Can I Do?
After learning about what steps you need to take to secure your passwords, you might be wondering if there are any other relevant tips or insights we can offer. If you want to learn more, feel free to contact us or book a meeting so we can help.
As an added bonus, you can check out our Password Management Guide, a free download to help you ensure your cyber security is actively protecting your business at full capacity. Our free resource can save you time, money and damage from a cyber attack. Check it out today.