Everybody knows secure passwords are necessary to keep your identity and privacy protected, but is everyone at your company treating corporate security with the same seriousness as they are using to guard their own credit cards or bank accounts?
And even if so, are you sure you’re doing enough to protect your data — or your customers’ data?
According to a 2019 report by LastPass, 80% of data breaches occur because of compromised passwords. Hackers are sophisticated enough without getting a head start from companies that don’t take password security as seriously as they should.
Don’t reuse passwords.
We’ve all got too many passwords to remember, so it may be tempting to memorize just one password for all of your accounts. On average, about 90% of people under age 30 reuse their passwords on a daily basis. We are all for convenience, but reusing passwords could cost you your security. Think of your passwords like they’re the keys to everything you own; don’t let someone have access to all of it if they happen to get access to just one account.
Be intentional, but don’t overthink it.
According to a recent survey in the U.K., 23.2 million victims of data breaches used 123456 as a password, with 123456789, qwerty, password and 1111111 following behind. The point of passwords is to make it harder for someone to guess.
Intentionality is important, but it’s not enough to use your dog’s name or your favorite movie as your password. Surprisingly, thousands of people surveyed used their names as passwords or even popular musicians like blink182 and fictional characters like superman. Easy recall may be tempting, but at what cost?
Using randomly generated passwords or mixing in uppercase and lowercase letters, symbols and numbers throughout a word or phrase is your best bet.
Also, it’s best to have a longer password — even adding a little bit of length to a password greatly increases the number of possible passwords. If you need to remember the password and/or manually enter it, sometimes it helps to string words together. Treating whole words as your “alphabet” creates a significantly larger number of possible passwords to guess than individual characters.
Take extra precautions.
The convenience factor may lead us to let our browser remember passwords for us, but people can easily get a hold of your device and access your accounts without ever needing to know your password. Also, avoid entering passwords while on unsecured WiFi networks (such as in airports and coffee shops). Hackers can easily intercept and steal your credentials.
And it may seem to go without saying, but it shouldn’t: Don’t write them down anywhere, and don’t let your ex-employees have continued access to company files and accounts.
What’s the solution?
Password managers are one of the top ways to safeguard yourself and your company, but even if you do use them, they’re only as secure as your continued upkeep of them is. Here’s why password managers are worth the investment:
- You won’t be prone to phishing attacks. With password managers, the domain name must match the record upon logging in for the platform to serve up a password.
- You can easily access old passwords. Don’t waste the IT team’s time. Did you know 50% of help desk calls are for password resets? Also, if you were wondering, the average cost per reset is $70.
- You don’t have to remember them. On average, employees may have to remember up to 191 passwords for work. Let the platform do the work for you.
- You can secure password sharing for teams. And avoid the insecure methods people often use, such as through emails, texts and writing them down.
- You can centralize your passwords. This way, you have visibility in how your employees practice password security.
- You can simplify the onboarding/offboarding process. You can easily give and revoke access to employees.
- You can enforce role-based access to company data. You can make sure employees only have access to the data they need to perform their job.
Your main goal when it comes to cyber security should be to protect your employees, your company and, importantly, your customers without forsaking productivity. Both security and productivity should go hand-in-hand, so before you claim your company is secure, make sure to really evaluate your practices — and regularly check your records to make sure only current employees have access to your valuable data and accounts.
