We need to talk about passwords
Securing your IT environment is an important element of keeping your business data safe. Implementing the latest security-based technology such as anti-virus software, web proxies and firewalls can help. But one of the most vulnerable points in any organisation is still frequently overlooked: user passwords.
The Password Problem
123456, password, 12345678, qwerty, abc123, admin, letmein. These are just some of the insecure passwords from the 15 most popular of last year. These passwords can be hacked in seconds and are easily guessed.
Using complex passwords is always encouraged. However, this comes with additional problems. Complex passwords are constantly forgotten and have to be reset, resulting in productivity loss. To avoid this, users may then resort to writing them down, usually next to the computer the password is protecting.
One Password, Multiple Accounts
According to studies, over 50% of users tend to use the same passwords for multiple services. Password reuse is a result of password overload. Users aren’t trying to cause security holes in the company infrastructure on purpose; they are just trying to make their lives easier. The average user has 25-40 online accounts. They also rarely separate personal and work passwords. If someone can access one of their accounts, they can now probably access all of their accounts, including their business one.
Some users believe they need to share passwords with colleagues, whether permanently or temporarily, to check each other’s email, access documents and so on. However, most passwords are never changed once shared. Should an employee leave the company and still have access to those accounts, there’s a potential for damage to be done.
Much like sharing passwords, a default, business-wide password is believed to make it more convenient for colleagues to access each other’s emails, documents and so on. However, enforcing a company-wide password gives every employee access to every other employee’s account. This could include confidential information such as Accounts details or a Director’s email.
How can businesses solve the Password Problem?
– Have a rigorous company password policy, including complexity and expiration. Ensure that the policy is fully enforced for all users.
– Help users understand the risks of using weak passwords, using the same passwords for multiple accounts and sharing passwords.
– Introduce additional security, including two-factor authentication with smartphones, smart cards or keyfobs etc.
– Help users manage multiple passwords by using company-wide password management software.
– Introduce other security features to reduce the risk of passwords being hacked, such as firewalls, anti-virus software and web proxies.
The security of your IT infrastructure is only as strong as your weakest link. Businesses need to ensure they address the password problem to remove any possible insecurities that exist, reducing the risk to integral business data.