Insecure kingdom

by Mark Rowe

Passwords are the weakest link, says Muhammad Yahya Patel, Security Engineer at Check Point Software.

Passwords have been the keys to the kingdom for over 50 years, guarding the most sensitive data an organisation has. Yet despite their intrinsic value, they are one of the most overlooked forms of security, with more than 23 million people using ‘123456’ to protect their accounts. More alarming is the fact that this year, ‘password’ was the most used phrase in the UK, according to NordPass. It is no wonder then that 90 per cent of internet users are worried about their password being hacked.

These statistics should be keeping business owners up at night, especially because 51 per cent of users have the same passwords for work and personal accounts. The question is, where does the blame lie when a weak password leads to a breach? Is it down to the individual to take personal responsibility, or do we need to apply pressure on companies to introduce more robust authentication methods? In my opinion, the answer is all of the above.

The average person has 100 passwords to remember. It is no surprise that many suffer from “password overload” due to the sheer number of online services and applications they use, both work-related and personal. Add in the need to generate complex passwords with characters and symbols, and the human brain will seek the path of least resistance, which often results in poor password practices.

All it takes is for a single employee to have one account hacked, and a threat actor could potentially access every application they use, including professional collaboration tools such as Teams, Slack and Outlook. This could result in the leak of customer data, costly ransom demands or fines, or a complete loss of customer trust that can be difficult to regain.

The impact of a breach could be even more harmful if it happens to someone with a higher level of permissions than other employees. In that case, cybercriminals could manoeuvre their way into the network almost unchallenged and create widespread damage.

If you are in an executive role, then it is especially important that you take proactive steps to combat password theft and credential exposure. Here are some of the ways you can strengthen password security protocols, and the steps that can be implemented for an immediate impact.

Remove reliance on passwords

Executives need to enact and enforce good cybersecurity practices. The best way to do that is to reduce the reliance you have on passwords alone. This means organisations need to adopt other authentication methods to reduce the chances of becoming overwhelmed. For example, by combining multiple account protection solutions such as two-factor authentication apps with biometrics, you will lower the chances of a successful attack while at the same time helping to improve the overall security posture in your organisation.

Businesses could also consider using Single Sign-On (SSO), which allows a user to authenticate themselves on multiple, separate platforms via a single ID. This solution negates the need for several different passwords. There is an element of risk, but by combining SSO with multi-factor authentication you can add a second layer of protection.

Improving your password hygiene does not have to be complicated, but it does need to be implemented now to minimise the chances of an attack. In the current cyber landscape, an attack is inevitable. However, preventing an attack is possible with the right combination of technologies and security protocols. Put simply, action must be taken now to keep your accounts safe. Given that poor password hygiene and the resulting impact can damage an organisation’s reputation beyond repair, companies need to treat this situation with the level of seriousness it demands.


© 2024 Professional Security Magazine. All rights reserved.
