Does Your Workforce Create Strong Passwords & Have a Plan B Cybersecurity Defense?
As the old saying goes, “a chain is only as strong as its weakest link.” Unfortunately, the new saying is that a business network is only as secure as its employees’ passwords.
Despite widespread knowledge that hackers exploit weak passwords to breach entire systems, trusted workers still use ones that are easy to guess at and repeat them across platforms. If that seems counterintuitive, business leaders may want to consider these statistics.
- The two most commonly used passwords remain “iloveyou” and “sunshine.”
- Approximately 23 million people use the password “123456.”
- More than half of workforces use the same password for personal and business purposes.
- Upwards of 57 percent of phishing email scam victims do not change their password.
- One-third of people stop doing business with organizations responsible for compromising their credentials.
What seems stunningly illogical about rampant password protection failures stems from this statistic: Approximately 90 percent of internet users say they are worried about getting hacked due to a compromised password. Industry leaders may be left scratching their heads. But as a decision-maker responsible for ensuring the integrity of digital assets, something needs to be done. You can set company policy that educates team members about how to create and remember strong network passwords. If that doesn’t work, there’s always Plan B.
How To Educate Employees About Strong Passwords
Getting workers to create powerfully secure passwords may not be that difficult. Insisting on a series of unrelated letters, numbers, and characters will fend off most hackers. On the other hand, team members will likely lose productivity, resetting a difficult-to-remember login profile. Fortunately, a happy medium can be achieved without too much difficulty.
Passwords do not necessarily need to be obscure. They just need to be difficult for hackers to unveil. A password employing 8-10 characters can be hard to crack if done cleverly. For example, the too common “iloveyou” can be tweaked to “iLuv2Make$,” which could be a tough one. That’s largely because it uses untraditional “Luv” in place of the spelled-out word, employs uppercase letters, a symbol, and a number. All an employee has to do is remember the phrase “I Love To Make Money” as a trigger.
Repeated passwords also need to be addressed. Consider training those under your leadership to make variations on one primary password. In this case, it could include “uLuv2Make$2” or “iH82owe$.”
It’s also important to share the reason that complex passwords are necessary. Hackers have a toolkit at their disposal that typically includes brute-force and dictionary techniques. When brute-force attacks try to run every conceivable combination of letters and characters possible. This tends to be time-consuming, and digital thieves are likely to give up when faced with strong passwords. Dictionary attacks run common words at the profile. If your worker’s password is “sunshine,” consider your network breached.
How Can Business Leaders Implement a Plan B?
Practical business leaders learn that human error ranks among the top reason things go sideways. Cybercriminals send out thousands of scam emails, knowing someone will open one, download a malicious file, or respond with critical information. Someone will make a mistake. Given that your financial future can be one mistake away from ruin, organizations are using multi-factor authentication as a fallback defense.
Multi-factor authentication requires employees to receive and enter a secondary code before gaining access to the network. This may be sent to another device that hackers cannot access. In some instances, an email alert is sent that must be approved. Even if someone foolishly uses “password123,” a cybercriminal would still need to know the authentication code or approve login access to upend your network.
If you are concerned about password security, consider working with a managed IT professional to educate employees about password protection, and install multi-factor authentication just in case.