Lax password security still represents the biggest cyber threat your business will face, especially in the new normal. Multiple studies reveal that users continue to ignore secure login best practice, which has only been exacerbated by the shift to working from home. As millions of newly remote workers have switched to accessing their business data outside of the office, hackers have stepped up efforts to exploit these potential victims as gateways to valuable corporate databases.
Here are some of the top reasons why password security is still your biggest cyber threat and network vulnerability:
Cybersecurity vs Convenience and Productivity
Many factors hamper good password security practice even in the most stable of times, including ignorance, stress and just plain forgetfulness. However, convenience and timeliness (or lack thereof) account for a sizable portion of bad practice, as users devote only so much time to creating – and remembering – their plethora of passwords. Many already have so many personal passwords to remember that they cannot generate the variation required for their business logins as well.
Having so many employees working from home can amplify security gaps, as remote workers are often forced to deal with increased distractions and lack of equipment as opposed to being in the office. Those without a company computer will use their own devices, and without the right cybersecurity training will likely expose business accounts to connected personal logins. With the pandemic causing significant shifts in operations for almost everyone, it will be that much harder to enforce proper password security practice at an organizational scale.
People are Still Reusing the Same Weak Passwords
Tech companies have also been gathering leaked passwords from data dumps in order to take their own steps to protect their users. This past June, a computer student based in Cyprus managed to consolidate this data to conduct their own study and reveal some of the most common patterns. Perhaps the most alarming is that the set of over 1 billion credentials contained only 17% (168,919,919) unique passwords – “123456” accounted for 7 million passwords by itself.
Microsoft conducts its own password security survey at the end of every year, and 2019’s revealed that up to 44 million Windows users were still reusing compromised passwords. This report also highlighted the dangers inherent in these practices for Microsoft products and services, which are some of the most popular and consequently some of the most targeted in the world. Hackers are increasingly going after users on Office 365 or Azure to take advantage of their lack of familiarity with cloud security practices.
Cloud Security is Password Security
Even before COVID-19 forced a shift to cloud-hosted platforms, instant remote communication, access and data sharing were becoming popular benefits for many businesses. Now that organizations across the world are implementing contactless operations, SaaS connections are becoming almost ubiquitous. Everyone who leverages a Microsoft Office 365 or Google G Suite application to enable remote work is already engaging with a hosted server – indeed, working from home at this current scale would have been impossible without considerable previous infrastructure investments.
This means that the cyber threat generated by weak password security can mushroom into a company-wide attack surface expansion. If a hacker breaches one account, then they can try to access the connected servers. Attacker success depends on many factors – including the security infrastructure of the technology and service provider – but there is enough role segmentation on the user side to still make it dangerous to your internal network.
Multi-Factor Authentication Use is Growing
Research has revealed some good news – Multi-Factor Authentication (MFA) adoption is expanding significantly. This is because MFA deploys a whole new layer of cybersecurity between passwords and database access, which can make all the difference in the world against a hacker seeking an easy score. Utilizing an authentication solution like DUO can make up considerably for the pitfalls your remote workers face with proper password procedures.
Don’t Let Weak Passwords Be Your Last Line of Defense
There are plenty of news stories out there about SNAFUs at enterprise-level and SMB companies alike exposing heaps of sensitive corporate and customer data. What is often buried in these tales is that the majority originated through exploited credentials – don’t let a bad password be what breaks your company after surviving COVID-19.
Download our white paper here to learn more about how SWK’s MFA solution will augment your password security protocols.