If you don’t want to fall victim to a cybersecurity incident, you need a strong password.
“Breaches, as always, continue to be mostly due to external, financially motivated actors. And 61% of breaches involved credential data,” Verizon revealed in their 2021 Data Breach Investigations Report of nearly 30,000 cybersecurity incidents.
Having a strong password is a great first step in preventing a cybersecurity incident.
While strong passwords aren’t the only protection an organization can put up against data breaches, they can mitigate the damage.
Here’s how to audit your accounts for password strength, and what else you can do to protect your data.
First, be sure to include passwords in your security awareness program—educate your employees (and customers) about what a good password looks like, how often it should be changed, and why passwords matter.
Be sure to highlight the following tips in your security awareness program:
In your security awareness program, highlight examples of good passwords using the principles mentioned above.
Passphrases are often preferred to passwords because they’re harder to figure out.
For example, you may consider converting a phrase to an acronym and using that as your password:
ApIw1,0o0W → A picture is worth a thousand words
Find a phrase that is unique to you.
Compared to good passwords, bad passwords are commonly used and easy to guess.
The top 10 worst passwords in 2020, according to NordPass, were:
Combined, those passwords were exposed nearly 50 million times.
Most took less than a second to crack.
Bad passwords also include sensitive data such as birthdays, anniversaries, street addresses, and other information that is connected to the user.
Having a strong, unique password or passphrase for each of your accounts is challenging.
That’s why we recommend IT departments install and enforce the use of a password manager across their network.
Password managers generate, store, and help you update passwords.
Most password managers also offer users and IT departments real-time security checks to help you understand whether specific passwords have been potentially compromised in a cybersecurity incident.
Password managers also show you the age of a password. Industry regulations may dictate or recommend that passwords change regularly, such as every 30, 60, or 90 days, so you know when an older password needs to be replaced with a newer one.
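As an added example (not from the original article), the check below flags the bad-password traits described above: commonly used values, personal data such as birthdays and street addresses, and passwords past a rotation age. The denylist entries, profile fields, and function names are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample denylist (assumption); a real deployment would load a
# published common-password list instead of these few entries.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "iloveyou", "abc123"}

def _normalize(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def personal_tokens(profile):
    """Derive guessable strings from user data (name, birthday, address)."""
    tokens = set()
    for value in profile.values():
        if isinstance(value, date):
            # Common ways a date ends up typed into a password.
            for fmt in ("%Y", "%m%d", "%d%m", "%m%d%Y", "%d%m%Y", "%m%d%y"):
                tokens.add(value.strftime(fmt))
        else:
            tokens.update(_normalize(part) for part in str(value).split())
    return {t for t in tokens if len(t) >= 4}  # ignore very short fragments

def audit_password(candidate, profile, last_changed, today, max_age_days=90):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    norm = _normalize(candidate)
    if norm in COMMON_PASSWORDS:
        findings.append("common password")
    hits = sorted(t for t in personal_tokens(profile) if t in norm)
    if hits:
        findings.append("contains personal data: " + ", ".join(hits))
    if (today - last_changed).days > max_age_days:
        findings.append("older than %d days" % max_age_days)
    return findings
```

Run a check like this when a password is set or changed, while the candidate is available in memory, rather than against stored credentials.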
Finally, we recommend—and some industries require—the use of multi-factor authentication (MFA) to help keep your sensitive information protected.
MFA requires more than just a password to ensure the user logging in is the person who is supposed to be there. Enabling MFA for your business means that no matter how clever the criminal, they will still be missing one or more factors, preventing access.
MFA has five key factors:
Overall, we recommend a thorough audit of your business’s passwords in order to either achieve compliance or to implement best practices for your organization.
By educating your team about the importance of strong passwords and password management, your business maintains a much better defense against cybersecurity threats than businesses that don’t.
Passwords and MFA are just two components of a comprehensive data security plan.