The spike in cyberattacks leading to system breaches and data leaks raises the question of when and how they will happen.
Passwords and usernames remain a key point of vulnerability because they are still used for access and authentication. And despite warnings from us and many others, too many people still use weak and recycled passwords.
A report by cybersecurity firm Sophos revealed that the “number of cyber-attacks on businesses in South Africa, Kenya and Zambia increased by 76% in 2023”, and that these attacks come at a huge cost.
Each year various sources publish lists of the most used passwords. Research by NordPass often highlights usual suspects like “123456”, “admin”, “12345678” and “password”.
These passwords can be cracked in less than a minute, by highly skilled hackers and by those with only basic hacking skills, exposing YOUR confidential information to theft, deletion or tampering. AI tools are making hacking easier.
In some organizations, passwords never expire, creating opportunities for unauthorized access. In many instances, compromised passwords result in online identity theft. Nor are password-saving features, such as websites offering to auto-save when you create a new account, a flawless solution. Despite the convenience, these platforms pose a risk of credential exposure.
As a matter of fact, I reported back in August that the UK recently passed a law mandating that all internet-connected smart devices, from smartphones and connected fridges to gaming consoles, must meet minimum security standards by law – https://www.linkedin.com/feed/update/urn:li:ugcPost:7227275551210696705/
What can companies do differently?
A password policy and corresponding standards should be developed and implemented to meet the company’s cybersecurity objectives. How this is done depends on the organization and the type of business. For example, financial institutions and credit card companies may find the Payment Card Industry Data Security Standard to be most appropriate. Others might find the NIST guidelines or ISO/IEC 27001 security standards useful. These are global standards.
Companies must ensure that employees are fully informed about the policies and procedures related to password use and that they understand their responsibilities.
They should therefore:
- conduct regular awareness campaigns to promote safe password practices and address potential password threats
- follow best-practice security standards for user account management and password control
- incorporate password-strength meters to assist users in generating more secure passwords
- consider adopting multi-factor authentication, which requires two or more pieces of evidence to authenticate a user – for example a password and facial or retina recognition
- ensure that the password files are encrypted
- conduct regular audits to monitor and ensure compliance with password policies and standards.
Not sure your company is set up for this – WE ARE!
What about individuals?
Individuals can enhance their online safety both at work and in their private life by remaining vigilant and informed about the latest threats that could compromise password security. In organizational settings you should:
- know and follow organizational policies and standards for safe password use
- participate in awareness and training sessions
- keep your login credentials safe and secure, in other words NOT saved to a file marked Passwords or printed and left under your keyboard – I’ve seen both in use!
- log out after every session, especially when you’re using a shared computer
- use passwords which are strong and unlikely to be guessed by attackers
- avoid sequential characters or repetitive phrases in passwords, as well as recycled or easily guessable passwords such as dictionary words
- check that the chosen password is not already on a list of breached or common passwords
- change your password whenever a compromise is suspected and at least every 3 months on ALL websites and email accounts
- use encrypted password manager tools to store passwords safely.
What are the biggest password no-nos?
Don’t use basic or easily guessable passwords, such as common dictionary words. Users should aim for a password of at least 12 characters that combines letters and numbers, special characters, and both lower-case and upper-case letters, and they should keep it confidential.
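As an added example (not part of the original post), here is a small Python checker that applies the rules from the list above and this paragraph: at least 12 characters, mixed character classes, no sequential or repeated runs, and a lookup against a common-password list. The COMMON_PASSWORDS set is a constructed sample seeded with the NordPass examples mentioned earlier; a real deployment would load a full breach list instead.

```python
import re

# Constructed sample list; in practice load a full breached/common-password list.
COMMON_PASSWORDS = {"123456", "admin", "12345678", "password", "qwerty", "letmein"}

MIN_LENGTH = 12


def has_sequential_run(pw, run=4):
    """True if pw contains `run` consecutive characters that step up or down
    by exactly one code point, e.g. 'abcd' or '4321'."""
    lower = pw.lower()
    for i in range(len(lower) - run + 1):
        chunk = lower[i:i + run]
        diffs = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def has_repeated_phrase(pw, min_len=2):
    """True if a substring of at least min_len characters is immediately
    repeated, e.g. 'PassPass' or 'abab'. The backreference \\1 does the match."""
    return re.search(r"(.{%d,})\1" % min_len, pw) is not None


def check_password(pw, common=COMMON_PASSWORDS):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    if pw.lower() in common:
        problems.append("appears on the common/breached password list")
    if has_sequential_run(pw):
        problems.append("contains a sequential run such as 'abcd' or '1234'")
    if has_repeated_phrase(pw):
        problems.append("contains a repeated phrase")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "Abcd1234!xyz", "Wild-Otter9Harbor!"):
        print(candidate, "->", check_password(candidate) or "OK")
```

A checker like this complements, rather than replaces, a current breach list and multi-factor authentication: a password can pass every rule above and still have been leaked.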
It’s also important not to reuse passwords across different accounts.
Don’t use auto-fill or save your passwords on websites, especially on shared computers.
Avoid sharing passwords or revealing them to others, particularly with colleagues in the workplace. If you must share a password, ensure that it is authorized by the manager and that the details are documented for auditing purposes.
Never give password details over the phone to individuals claiming to be IT technicians without proper verification.
Some of the ways to verify the authenticity of the call are as follows:
- confirm the ticket number the caller is referencing
- ask the caller to send an official email to your account, especially if you have no trouble accessing a computer
- if the call appears to come from an internal telephone number, confirm that the call is genuine
- request identification details from the caller such as their name, office location, department, and reporting lines.
Cyber security is a big and serious business – when in doubt, engage specialists like us to avoid being the victim!
Richard Freiberg
Profitability Consultant
Richard Freiberg CPA PC
Phone (980)339-3352
Cell (914)393-0033
www.rmfreibergcpa.com
Providing valuable counsel to help boost your company’s bottom line, while navigating competitive forces, industry, and economic risks in today’s challenging environment
1 thought on “Why is password security so important”
Yo, passwords are like the campfire of the internet. Keep it strong and unique, or you’re just asking for trouble! 🔥