Cybercriminals continue to exploit password weaknesses
The ninth annual World Password Day is May 5th. Intel originally created the event to raise awareness of the importance of strong passwords. Despite reminders and updated organizational security policies, a Google/Harris survey found that 52% of users reuse the same password for multiple (but not all) accounts, 35% reuse the same password for all of their accounts, and only 13% use a different password for every account. In addition, over 82% of employees admit to recycling passwords.
In 2020, credentials were the top type of information stolen worldwide: over 60% of data breaches involved cracking or using stolen or recycled credentials. Although your organization may have strict password policies, that doesn’t mean your end-users aren’t reusing the same passwords for their Facebook, personal email, or Amazon accounts.
Emphasizing and enforcing good password policies
Require confidentiality – ensure your employees understand the need for password confidentiality. Remind them regularly that sharing passwords, or keeping them on “post-it” notes, is not allowed.
Use block-listing – automatically prohibit specific passwords or password strings, such as the famous “123password”.
Set a minimum length – typically a minimum of eight characters, including symbols, is required, but your organization may want to require a longer length.
Set a password history – don’t allow the reuse of previous passwords (going back at least four to six prior passwords), so that people cannot cycle through changes to get back to a familiar password. Monitor password changes and investigate employees who make several changes within a short period; they may be trying to “outsmart” the password history requirement.
Don’t use password hints – although a hint helps employees remember their password, it is often something familiar that a hacker can easily find out from social media.
Implement multi-factor authentication (MFA) – according to Microsoft, MFA can stop 99.9% of threats to passwords. It can be implemented in various ways, including phone calls, text messages, or one-time codes. MFA is a simple yet effective roadblock against unauthorized access to an account and strengthens overall data security.
Reinforce password standards – training and reminding your staff about password guidelines should be part of your overall cybersecurity plan. Include password training in your security awareness training. Sending a “password reminder” can be as easy as forwarding this article to your team and recognizing national password day.
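As an added example (not code from the original article), the block-list, minimum-length, and password-history rules above implemented as a check run before a password change is accepted. The block-list entries, the eight-character minimum, the six-password history depth, and the PBKDF2 parameters are assumptions chosen for illustration; prior passwords are kept only as salted hashes so the history check never stores plaintext.

```python
"""Password-policy check: block-list, minimum length, and password history."""
import hashlib
import hmac
import os
from typing import List, Tuple

MIN_LENGTH = 8        # assumed minimum; the article says eight or longer
HISTORY_DEPTH = 6     # assumed depth; the article suggests four to six
# Constructed sample block-list of forbidden strings (a real one is far larger).
BLOCKLIST = {"123password", "password", "qwerty", "letmein"}

HistoryEntry = Tuple[bytes, bytes]  # (salt, pbkdf2 digest)


def hash_password(password: str, salt: bytes = b"") -> HistoryEntry:
    """Salted PBKDF2-HMAC-SHA256 so past passwords are kept as hashes, not plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest


def matches_history(password: str, history: List[HistoryEntry]) -> bool:
    """True if the candidate equals any of the most recent HISTORY_DEPTH passwords."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)  # rehash with that entry's salt
        if hmac.compare_digest(candidate, digest):     # constant-time comparison
            return True
    return False


def check_new_password(password: str, history: List[HistoryEntry]) -> List[str]:
    """Return all policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    # Substring match, so "my123PASSWORD!" is rejected as well as "123password".
    if any(bad in lowered for bad in BLOCKLIST):
        problems.append("contains a block-listed string")
    if matches_history(password, history):
        problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    return problems


def record_password(password: str, history: List[HistoryEntry]) -> None:
    """Append the accepted password's salted hash to the user's history."""
    history.append(hash_password(password))
```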
Password policies are just one step
Reinforcing good password policies is a simple way to increase your organization’s cybersecurity posture. However, it is crucial to evaluate your organization’s overall IT security to keep it safe. Contact Dewpoint today to set up an evaluation and take the additional steps to increase your IT security and reduce threats.