A near-constant stream of data breaches, online scams, phishing attempts, and privacy invasion is the new normal. It means that password security is more important than ever — to individuals but especially to businesses.
The average cost of data breaches rose to $8.19 million in 2019, enough to sink even a big company. It includes:
- direct costs (ransomware, loss of sales),
- indirect costs (loss of reputation),
- hidden costs (lost business hours as employees deal with the fallout).
Many of those breaches happen because of a user error, namely, stolen and reused credentials. The 2019 Global Password Security Report revealed compromised passwords are responsible for around 80% of hacking-related breaches.
Password security issues have been a challenge for IT teams to cope with. They cannot keep track of every employee’s password habits. Below you’ll find some of the biggest mistakes employees make regarding password security and what the companies can do about it.
1. Weak Passwords Are the Bane of Company Accounts
Passwords are the only things keeping accounts from being accessed by outsiders, yet people make them easy to guess. They do so to remember the passwords easier, of course, but that means criminals find them easy to predict as well.
There’s a good reason that many of the passwords on HaveIBeenPwned’s list of breached accounts coincide — everyone does this. They think the passwords they use are simple but fine. In the meantime, a lot of other people are thinking the same thing.
2. Employees Keep Reusing Passwords and Sharing Them
Employees don’t follow best password practices at home. They certainly don’t change that the moment they arrive at the office. Again, it’s a hindrance to productivity, and there are too many passwords to remember.
Most people know that they shouldn’t write passwords down. They also know that reusing passwords across different accounts is bad. But they still do these things because it makes it easier to complete daily tasks without the hurdle of remembering a password.
Moreover, password sharing is often rampant between teams because of the same reason. Employees don’t take password security as seriously as they should because they don’t see the risks and want to get on with their work.
3. Personal Devices are Security Weak Points
Companies don’t need to worry only about the security of company accounts anymore. Employees bring all sorts of devices to work. Or they use work resources to log into and check their social media accounts. Either way, there’s no real way of stopping them from accessing their online accounts during work time.
But that poses a serious risk to security. If an employee’s account or device becomes compromised at work, while they’re connected to the network, then that could compromise the entire network as well.
It means managers and IT teams not only have to be responsible for company accounts and hardware but also think about this too.
4. Companies Get Complacent About Passwords
Companies put policies in place (at least most do) that cover online behavior and password safety. But they don’t do enough to follow up on those policies or make password management more straightforward.
Tips for Keeping Business Accounts and Passwords Safe
While this list is by no means exhaustive, it does cover most of the basics that every business needs to do to protect their accounts:
- Put someone in place who’s responsible for following up on security policies, especially those on password use.
- Set up admin rights that keep people out of systems and away from company data that they don’t need to complete their tasks. This way, should their accounts or device become compromised, then the damage is at least limited and less challenging to deal with.
- Get tools that automate password security, such as password managers. Make sure to pick a password manager that is secure and uses a robust encryption method (XChaCha20 encryption, for example). Also, make sure to look for a backup and sync feature that makes safe password sharing possible between different devices. Read more information here: https://nordpass.com/features/XChaCha20-encryption/
- Share admin rights on social media accounts like on Facebook instead of sharing the login details. You can revoke those rights later if necessary.
Password security might be a headache for companies, but that won’t change unless they take action. IT teams can only do so much, and management needs to equip both them and employees with the correct tools to keep passwords safe. Better policy regulation and better control can help alleviate this issue.
Rebecca James: Enthusiastic Cybersecurity Journalist, A creative team leader, editor of PrivacyCrypts (https://privacycrypts.com/)