WORLD PASSWORD DAY: WHAT NEEDS TO BE DONE?
#password day 2019 #world password day
2nd May was the World Password Day, and I don't think, in this world of increasing data access and escalating cybercrime, we take our passwords seriously enough. 2019 has not even been six months in, and we have witnessed five significant data breaches including that of Facebook, Ministry of Health (Singapore) and more because of security negligence on the part of those delegated to maintain the sanctity of the records.
ALARMING FACTS ABOUT WAY WE USE PASSWORD
We live in a world of internet connectivity, where a plethora of online accounts are created every second globally; and as long as we are online, we are vulnerable to the attacks by sly cybercriminals. They are always on the lookout for an opportunity to hack through our delinquency, one of which is setting-up weak passwords.
Did you know that the total cost for cybercrime in 2018 accumulated to a massive $2.7 billion? To think that the target might have been only opulent class or industries would be a mistake, as our problematic behavior of not giving enough attention to password security is one of the reasons behind it.
With the average cost of data breach expected to exceed by $150 million in 2021 and only a handful percentage (38%) of the global organization actively prepared to tackle cyber attacks of any sorts, we no longer can afford to overlook our bad habit of mindlessly setting up the passwords only to regret the decision when something grave happens.
MISTAKES BUSINESSES MAKE IN SETTING A PASSWORD
Whether you are an individual working from home on your laptop or a business operator that extensively depends on the stored data for its adequate functionality; keeping data safe from getting accessed and used by unauthorized being should be the foremost priority.
While investing in IT security has now become the need of the hour for every business, what they mostly fail to gauge upon adequately is their password protected access point, which leaves a door with less resistance open for the hackers to easily access and misuse your confidential data against you.
Be it not updating the old passwords or the hurry to set up and forget, let's discuss some of the mistakes that business across the world make in setting up a password and keeping their sensitive data safe and secure:
- USING SINGLE PASSWORD EVERYWHERE:
This is the primary reason behind identity theft; using a single password for all accounts. While it may look convenient by being easy to remember, being sloppy and keeping unique password everywhere makes you and your organization susceptible to various cyber crimes, some of which might be impossible to recover from.
- SETTING UP WEAK PASSWORDS:
Is your security software shooting out constant notification of your password not being strong enough? Well, most businesses don't need it and land in a hot soup. (Did you know that 1234 and password were some of the common passwords used to store an organization's sensitive information?) Some of the common mistakes that make a password weak and vulnerable are:
- keeping it too short;
- Only using alphabets/numbers;
- Keeping username and password game;
- Using a generic term or personal information as a password
- Using a globally known pattern
- STORING IT ANYWHERE:
Most business while if successfully create a secure password, make it vulnerable to easy access by storing in it a local browser or in spreadsheets. So much is the security of the data undervalued by the specific business operator, that they store it is sticky notes ( Can you believe it?).
- NOT USING MULTIPLE FACTOR AUTHENTICATION:
It might look like a hassle, but as a business operator, you have to go to extra length to ensure that your data is safe and secure. 2-factor authentication/ multiple factor authentication adds an extra layer of security to make access to information by the attacker challenging. Most businesses overlook 2FA or MFA as a security tool, which makes them vulnerable to fraud, identity theft, and data loss.
- NEVER UPDATING IT:
Similarly, how not timely updating the software can lead you to miss out on a various opportunity, making the system more vulnerable to cyber crimes, not updating the software periodically can be catastrophic to your business. Timely changing the password with a more robust one is imperative to enhance the security of the data.
- SHARING IT:
No matter how strong your password is, the minute it is shared with the people it's not supposed to be, your account's integrity gets compromised, and you put the entire organization at risk of a data breach. Never share the password with a non-delegated authority.
Seen in the image above are some of the common password patterns, that make it weak and pose a tremendous threat to the business be it big or small, using it.
TIPS TO STRENGTHEN YOUR PASSWORD
- ACCESSIBILITY CONTROL APPROACH:
Implement an accessibility control approach in your organization by adopting multiple factor authentication, mobile device and app management, and privileged access management:
- An MFA, as mentioned above, will enhance your data's security by adding several layers for authenticating whether or not the person accessing the information is authorized to do so.
- Mobile device management is essential to ensure any, and every login made through mobile devices, especially in remote working culture is safe and secure.
- Privileged access management restricts the accessibility of the information to authorized people. This also includes strict supervision of the privileged users, giving just required accessibility according to the designation.
- PASSWORD MANAGER:
Get a robust password manager installed in your system to ensure securing of multiple passwords with encryption. Password managers not only eliminate the need to memorize complex password but they also proffer practice of using stronger password and avoids reusing the same password. They increase the auto-filling efficiency, especially if the data being stored is sensitive, and it is one of the most secure storage solutions.
- PASSWORD POLICY:
Create and educate your employee about an active password policy that not only includes building a strong password or using a different password for different accounts but for you to think like a hacker when devising a strategy. A secure password management tool should be an integral part of this password policy.
As technology is evolving; helping us live a more accessible life, so is the methodology of cyber-criminals. They are coming up with new and more subtle ways of taking advantage of the loopholes. This is why it's time you give the password protection and management, the much-needed attention.