One of the most under-rated security measures in any business is password protection. Why? Because we underestimate the value of secure passwords and rational password policies. With small, and simple, changes to password protection, you can defend your systems against cyber criminals and save yourself a lot of trouble.
Brute Force Attacks
Studies have shown that around 11% of people are using ‘1234’ as their passwords, and on top of that, more than 6% of people use ‘1111’. Based upon this research, over 15% of your employees probably have one of those two passwords.
To make matters worse, one of the top hacking methods are brute force attacks. Using this method, hackers effectively implement a trial-and-error technique to guess login information, pitting all variations and combinations together to come up with the correct ‘key’ into accounts. If a hacker were to target a business in which 15% of the employees had the same two passwords, their job becomes a whole lot easier.
Brute force attacks, and cyber-attacks on the whole, aren’t often personal. The gains hackers can make range from collecting data, to theft of personal details or money, or even disrupting sites and spreading malware. So, while it is possible, it’s unlikely that a business will be specifically targeted. This random method of attacking means that almost every business is at risk, which can lead to disastrous outcomes.
What Happens if You Get Hacked?
If hackers were able to get into your organisations systems, the penalties range from financial loss and fines, to your entire systems being altered.
The financial impacts of an attack are vast. Corporate information could be stolen, capital could be taken, and the ability to trade could be affected. Plus, if your data is breached and you alert the ICO, as per GDPR guidelines, then you are risking over £8million fines.
If a hacker successfully gains access to your systems, it is likely customers or prospects will lose a lot of trust in your business. If your organisation specifically deals with sensitive or valuable data, then this could be incredibly damaging for your business perception. The impact on your reputation will, again, cause financial implications through a loss of customers and reduction in profits.
So, How Can Passwords Help?
While passwords are just the tip of the iceberg of cyber security, getting your password security right is a great start. Here are our solutions for better password security.
1. Less is more – Passwords are important, but a lot of organisations rely on them when there is no need to, which can actually be more damaging. Think about where you really require passwords, and if they are being overused, try to cut back.
2. Deny common passwords – As we mentioned above, a huge proportion of people are using very common, and very easy to guess passwords. By implementing password deny lists, if an employee tries to set their password to ‘1111’ they will have to choose something more secure. You should also be able to search existing passwords to irradicate this ‘common’ options.
3. SSO (Single sign-on) – SSO is a great way to allow employees to select a single set of credentials for use across multiple applications. By reducing the number of details staff need to remember, they will be more likely to stick to stronger passwords.
4. MFA (Multi-factor authentication) – MFA is like adding another password layer. Following the implementation of a password, it requires authentication through a third-party system in order to access the application. This can usually be done via an app or through a text verification.
5. Train your employees – Many people do not realise the impact their password security could have on the bigger picture. By sharing important information with your team and educating them on the importance of cyber security, they will become your biggest defence.
Of course, password security is a quick win and there is plenty more that can be done to secure your systems. If you’d like to find out more about cyber security options, get in contact with us today!