If you don’t want to fall victim to a cybersecurity incident, you need a strong password.
A strong password is a good first step in preventing a cybersecurity incident.
Weak passwords are one of the many factors that make up the "human element" behind data breaches.
"The human element was a component of 68% of breaches," according to Verizon's 2024 Data Breach Investigations Report.
While strong passwords aren’t the only protection an organization can put up against data breaches, they can mitigate the damage.
Here’s how to audit your accounts for password strength, and what else you can do to protect your data.
First, be sure to include passwords in your security awareness program—educate your employees (and customers) about what a good password looks like, how often it should be changed, and why passwords matter.
Be sure to highlight the following tips in your security awareness program:
In your security awareness program, highlight examples of good passwords using the principles mentioned above.
Passphrases are often preferred to single-word passwords because they are harder to guess.
For example, you may consider converting a phrase to an acronym and using that as your password:
ApIw1,0o0W → A picture is worth a thousand words
Find a phrase that is unique to you.
Unlike secure passwords, bad passwords are commonly used and easy to guess.
The top 5 worst passwords in 2023, according to NordPass, were:
All of the top 5 passwords took less than a second to crack.
Bad passwords also include sensitive data such as birthdays, anniversaries, street addresses, and other information that is connected to the user.
Having a strong, unique password or passphrase for each of your accounts is challenging.
That’s why we recommend IT departments install and enforce the use of a password manager across their network.
Password managers store, update, and create strong passwords for online accounts.
Most password managers also offer users and IT departments real-time security checks that flag passwords which may have been compromised in a cybersecurity incident.
Password managers also track the age of each password—industry regulations may dictate or recommend that passwords change regularly, such as every 30, 60, or 90 days. That way, you know when an older password needs to be replaced with a new one.
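As an added example (not code from the original post), here is a small Python audit that applies the weak-password warnings above (common passwords, birthdays, street addresses) and the password-age check to a constructed account inventory; the field names, the 90-day policy, the deny-list and the fixed audit date are assumptions.

```python
"""Audit a password inventory for the weak-password traits and the age policy
described in this post.  Hypothetical field names; a password manager or
identity-provider export will use its own schema."""
from datetime import date

MAX_AGE_DAYS = 90          # assumed rotation policy (the post cites 30/60/90 days)
TODAY = date(2024, 6, 1)   # fixed audit date so the sample results are reproducible

# Constructed deny-list standing in for a published worst-passwords list
# (NordPass's actual top 5 is not reproduced here).
COMMON_PASSWORDS = {"123456", "password", "admin", "qwerty", "letmein"}

# Constructed sample inventory.  Plaintext passwords appear here only because
# this is a self-contained demo; a real audit runs inside the vault itself.
INVENTORY = [
    {"user": "alice", "password": "ApIw1,0o0W", "changed": date(2024, 5, 20), "mfa": True,
     "profile": {"birthday": "1985-04-12", "street": "Maple"}},
    {"user": "bob", "password": "Maple1985", "changed": date(2023, 11, 1), "mfa": False,
     "profile": {"birthday": "1985-04-12", "street": "Maple"}},
    {"user": "carol", "password": "qwerty", "changed": date(2024, 4, 1), "mfa": True,
     "profile": {"birthday": "1990-07-01", "street": "Oak"}},
]


def audit_account(acct, today):
    """Return a list of findings (an empty list means the account passed every check)."""
    findings = []
    pw = acct["password"]
    if pw.lower() in COMMON_PASSWORDS:
        findings.append("common password")
    # Personal data the post warns about: birthday (as year, MMDD or DDMM) and street name.
    year, month, day = acct["profile"]["birthday"].split("-")
    if any(token in pw for token in (year, month + day, day + month)):
        findings.append("contains birthday")
    if acct["profile"]["street"].lower() in pw.lower():
        findings.append("contains street address")
    age = (today - acct["changed"]).days
    if age > MAX_AGE_DAYS:
        findings.append(f"password is {age} days old (policy {MAX_AGE_DAYS})")
    if not acct["mfa"]:
        findings.append("MFA not enabled")
    return findings


def run_audit(inventory=INVENTORY, today=TODAY):
    """Map each user to that account's findings."""
    return {acct["user"]: audit_account(acct, today) for acct in inventory}


if __name__ == "__main__":
    for user, findings in run_audit().items():
        print(user, "->", findings or ["ok"])
```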
Finally, we recommend—and some industries require—the use of multi-factor authentication (MFA) to help keep your sensitive information protected.
MFA requires more than just a password to confirm that the user logging in is who they claim to be. Enabling MFA for your business means that however clever the criminal, someone who obtains a password will still be missing one or more factors, which prevents access.
MFA has five key factors:
Overall, we recommend a thorough audit of your business’s passwords in order to either achieve compliance or to implement best practices for your organization.
By educating your team about the importance of strong passwords and password management, your business maintains a much better defense against cybersecurity threats than those who don’t.
Passwords and MFA are just two components of a comprehensive data security plan. How many of these 20 safeguards does your business have in place? Download your Data Security Checklist today!