Your employees are your greatest asset, and it isn’t limited to your work environment or productivity. Employees are your first line of defense in cybersecurity. There are many ways you can fortify your company’s resources—with firewalls, limiting access to shared drives—but one of the simplest and most overlooked way is through your employees’ passwords.
What is a Strong Password?
We have all heard it before: strong passwords are essential to online security. But, what is a strong password? Strong passwords are complex, meaning they make little to no common sense. Numbers and special characters are great when used appropriately. According to Forbes, “The five most common passwords, that SplashData found in [2017]’s password dumps: 1232546, password, 12345678, qwerty and 12345.” They may be easy to remember, but passwords like these are among the first hackers try. Forbes goes on to explain, “choosing common words from the dictionary isn’t any better. Among those that made SplashData’s list: welcome, monkey, football, dragon, master, and cheese.” If your passwords contain any of these keywords, you should probably change them now.
But how do you create strong, complex passwords, if these generic words are off the table? There are a few steps you can take, beyond keyboard smashing out a new password for every account. First, you should avoid using regular word patterns, such as MyPasswordIsLong, KentuckyFriedChicken, JustDoIt. Lifewire suggests injecting numbers and special characters in place of letters. “These passwords will take exponentially longer for a dictionary program to guess.” For example, jellyfish can become jelly22fi$h. The length of your password is also important. Most websites suggest 8-12 characters, but Wired says 12-15 characters is much safer. “It becomes way harder for a hacker to use brute force, much less guess your password.” When used properly, these tips can help build strong, complex passwords.
But weak passwords alone are not the problem, reusing complex passwords is just as harmful and prevalent. “Not even password complexity can protect accounts when password reuse is rampant.” Reusing passwords sounds great in theory. They are easy to remember and maybe even contain a special character and number. You aren’t alone in this thinking. In the 2018 OpenVPN survey, it was discovered a quarter of employees “reuse the same password for everything.” From social media to their work email, it is all the same. Unfortunately, duplicating passwords across websites is a serious security threat. You may not care that your employee’s Facebook password is the same as their work email, but a hacker does. “Individuals who use the same password to protect multiple portals risk compromising both their personal and work information.” One cybersecurity breach from an employee that uses the same password across accounts means your company is at risk.
Password Managers
Remembering 25 unique, complex passwords can be impossible, but there is help. You can invest in a password manager. A good password manager can store your passwords with two-step authorization process and create complex passwords for your accounts. According to Wall Street Journal, “when you download a password manager onto your phone or install it on your computer, it can import the passwords you saved in your browser and evaluate their level of strength—including how many times you’ve reused them.” Nothing is 100 percent, but password managers prevent you from falling victim easily. “While password managers aren’t zero-risk, they’re a good line of defense that keeps you from being low-hanging fruit—unlike people who are, for instance, storing their passwords in draft emails, using common words as passwords or using the same passwords across multiple sites.” Password managers help your employees use unique, complex passwords across accounts and protect your assets.
Your employees are essential to your company and cybersecurity. Their education on protecting their own assets and yours is important. The OpenVPN survey found “employees are less likely to shy away from security training and are more incentivized to change their approach to cybersecurity when they are sent encouraging messages for safe internet behavior.” If you are worried about cybersecurity safe practices, Access Systems can help you. Schedule a cybersecurity workshop today! Please contact Derick Tallman for any inquiries: dtallman@accesssystems.com.