May 3, 2019
A leading cause of business payment data breaches are the use of default or weak passwords. An astonishing 81% of company data breaches are due to poor passwords according to the 2018 Verizon Data Breach investigations Report (New report anticipated soon).
Many employees are reusing home passwords in the workplace, even though nearly all of them know that reusing passwords across multiple platforms is malpractice. According to Trace Security, 59% of people use the same password for everything, both home and at the workplace. They also site that users aged 18-31 re-use the passwords the most at 87% of that age group.
Recent analysis by the National Cyber Security Centre (NCSC) in the UK found that Millions of people are using passwords on sensitive accounts that are easy to guess. The analysis also includes breached accounts and found that ‘123456’ is the most widely used password. Which is not far off from default passwords on many payment terminals at ‘1234’.
The analysis by the NCSC found that aside from default passwords, top passwords at risk of being hacked were well-known words or names, including Premier League football times like Liverpool or Chelsea. Blink-182 was also a top password along with common names like Ashley, Michael, Daniel, Jessica and Charlie. It’s not a good idea to protect sensitive data with something that can be easily guessed.
For something so simple as a password, when exploited, the financial burden to businesses can be huge. The Dropbox breach in 2012 was the result of an employee reusing a password at work and ended in 68 million users credentials being stolen and sold online to malicious hackers.
Both the Marriot and Equifax’s security breach cost over $450 million and there are countless others including top companies such as Yahoo, LinkedIn, Adobe, and Target who have lost due to poor security protocol.
Even if it’s an employee’s fault for having a password compromised, businesses are still obligated for their employees actions.
So what steps can businesses take to ensure employees are using strong and secure passwords?
Given the stats, employees are not aware of how their password usage puts themselves and your business at risk. Educate your employees on password best practices and the risks of weak passwords. Explain how poor passwords can lead to company data breaches and identity theft.
Don’t Share Passwords
As simple as it sounds, this gets neglected all the time. Employees get comfortable sharing their credentials and whether it’s written down on a notepad or shared with their fellow employees via email, it allows one more point of contact that can be breached. This is a must that should be included in your employee education.
Get A Password Manager
If able, password managers are great because they store all of your passwords for your applications and can suggest strong and secure passwords when the time comes to change them.
Change Passwords Regularly
PCI DSS suggests changing your passwords like you would your toothbrush. In addition to not letting anyone use them, change them every three months.
Make Passwords Stronger
Complicated passwords should be required. A longer more complex password makes it more difficult for hackers to crack. According to LifeHacker, passwords with eight characters, all lowercase takes hackers less than three days to crack.
We suggest stringing three random but memorable words together with but with varied characters including numbers, symbols and uppercase letters.
Use Two-Factor Authentication
Two-factor authentication uses two pieces of information when validating employee credentials. They are something the employee knows like their password or a personal question and something an employee has which can either be a mobile device or key-fob with a code that changes every few minutes.
Only you can protect your business from company breaches and it’s important to follow these guidelines to keep company and employee information safe and secure.