Passwords play an important role in keeping our accounts and data safe, but not following proper password practice is one of the biggest weaknesses to cyber security. We’ve shared what makes reusing passwords so risky and the steps you can take to strengthen your organisation’s defences.
Creating unique passwords can often seem time consuming and difficult, so it’s understandable that many users often opt to simply reuse an old password instead. Unfortunately, cyber criminals are all too aware of this bad habit and see recycled passwords as an open door into our most important accounts.
The danger of this is simple: once a cyber criminal knows your password for one site or account, they will try and use it to gain access to your other accounts. Worst of all, in many cases, the victim will be none the wiser until it’s too late.
There are many ways a hacker can get their hands on our passwords – for example through a phishing email scam or a third-party data breach. In the recent Marriott breach, thousands of customer details were exposed after hackers accessed the hotel’s database using the compromised login details of two employees.
Stolen credentials are then often listed on the Dark Web, where they can be exploited and accessed by different networks of criminals.
This means, if a data breach reveals just one of your employee’s passwords that’s been across multiple accounts, your company data is at an immediate risk. The consequences of this can be severe and costly – both financially and to an organisation’s reputation.
With cyber criminals quick to capitalise on the coronavirus pandemic, there’s been a sharp increase in the number of phishing and credential stealing attacks reported – and businesses can no longer afford to ignore this growing problem.
The best place to start is requiring all of your end users to implement a password manager, where they can safely store their passwords in one place. Many password mangers also have a generator tool, which will help create unique passwords that incorporate a range of numbers and symbols. This means your users will be able to easily create and save different and completely random passwords for all of their accounts, whilst only having to remember one important master password themselves.
Whilst a password manager is a step in the right direction, this alone won’t fully safeguard your business. We also recommend implementing multi-factor authentication (MFA) across your important accounts to add an extra layer of security.
It’s important that you get your employees onboard, too. Ensuring your team is fully trained on password best practice and the importance of safe cyber hygiene is critical to preventing the use of weak or old passwords and protecting your business accounts.
Stolen credentials or other personal information are often trafficked and sold on the Dark Web, without your or your employees knowing about it. With many people reusing the same password across multiple accounts, it couldn’t be easier for hackers to gain access to your network and your valuable assets and data.
Our Dark Web scan searches every corner of the internet to identify if your business usernames, email addresses and passwords are listed.
Protect your company with a free Dark Web Scan today.
Find out how our Cyber Security specialists can help...
Please complete the form below with details of your enquiry and we’ll be in touch shortly.