The Password Mistakes Every Business Makes And How To Fix Them
By Rachel Rowlandson, IT Service Director at Evolve
In today’s digital landscape, passwords serve as the first line of defense for businesses against cyber threats. Following news that common and easily guessed passwords are being banned in the UK as part of world-first laws, and to mark World Password Day on 2 May, Rachel Rowlandson, Service Director at Evolve, reveals the true cost of a weak password and shares best practices to protect businesses.
New laws that came into force on 29 April – part of the Product Security and Telecommunications Infrastructure (PSTI) regime – are a welcome move that should significantly improve the UK’s resilience from cyber-attacks.
Going forward, manufacturers of all internet-connected devices, including mobile phones, smart doorbells and even high-tech fridges, must implement minimum security standards. This will mean a clampdown on some bad digital habits most of us have been guilty of.
Passwords play a crucial role in maintaining the integrity of corporate assets, yet in 2022, more than 24 billion passwords were exposed by hackers, and around 80% of confirmed breaches are related to stolen, weak, or reused passwords.
Robust password policies are critical for ensuring the security of digital assets and accounts. Not only do they make it more difficult for hackers to access accounts, systems, and sensitive information; they also allow organizations to adapt and respond effectively as cyber threats evolve. To fully understand the benefits of such policies, it’s helpful to look at the consequences of using weak passwords.
The risks of weak passwords
Studies have found the most used passwords in the UK last year were ‘123456’ and ‘password’, which will now be disallowed thanks to the new legislation. But what’s so bad about them?
Weak passwords represent a significant security risk, exposing individuals and organizations to various threats, including unauthorized access, data breaches, identity theft, and loss of trust and reputation.
Aside from the obvious issue that weak passwords can be easily guessed or cracked by automated tools, they make it easier for attackers to perform account takeover attacks, where they gain access to a user’s account and misuse it for malicious purposes, such as stealing sensitive information or spreading malware.
Additionally, weak passwords increase the risk of identity theft, where attackers impersonate individuals to access their financial accounts, make transactions, or fraudulently apply for loans or credit cards.
Lesser-known risks include the erosion of trust and damage to the reputation of individuals and organisations, and non-compliance with existing regulations. Many industries have long-standing regulations and standards requiring the implementation of strong password policies to protect sensitive information and maintain data security. Failure to comply with these regulations can result in legal and financial penalties.
Compromised accounts resulting from weak passwords can lead to data breaches, exposing sensitive information such as personal data, financial records, or intellectual property, so it’s imperative to implement password policies that will protect businesses.
Best password practices to fortify defences
Under the new UK law, if a user suggests a common password they will be prompted to change it on creation of a new account. But there are other proactive steps businesses can take:
- Create strong and unique passwords using three random words: The best way to make a password difficult to hack is by using a sequence of three random words that are easy to remember. You can make it even stronger by including special characters and numbers, but don’t fall into the trap of thinking that using symbols on short common words, e.g. “P@$$W0rd1”, will make it harder to guess. Alternatively, consider using passphrases, which are longer and easier to remember than traditional passwords.
- Enable Multi-Factor Authentication (MFA): Whenever possible, enable multi-factor authentication (MFA) for your accounts to add an extra layer of security by requiring additional verification beyond just a password, such as a code sent to your phone or generated by an authenticator app.
- Avoid Password Reuse: Use different unique passwords for every email, social media and banking account. Store passwords in your browser when prompted, or use a password manager; both options are easier than remembering multiple passwords and safer than re-using passwords.
- Regularly Update Passwords: This is especially important for accounts that contain sensitive information or are critical to business operations.
- Monitor Account Activity: Regularly monitor accounts for any suspicious activity or unauthorised access. Enable notifications for login attempts, password changes, and other account-related activities to alert you to any potential security incidents.
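The first three practices above can be enforced at account creation rather than left to users. The following Python script is an added example, not code from the article or from Evolve: it rejects blocklisted passwords, recognises symbol-substituted variants such as “P@$$W0rd1” as the common word they decorate, enforces a minimum length, and suggests a three-random-word passphrase. The blocklist, the small word list and the 12-character minimum are assumptions for illustration; a real deployment would load a full breached-password list and a large word list.

```python
import re
import secrets

# Constructed sample blocklist; the article names '123456' and 'password'
# as the most used in the UK. A real policy would load a breached-password list.
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "letmein", "welcome", "admin", "iloveyou",
}

# Constructed mini word list used both to suggest passphrases and to spot
# "single word plus digits" passwords. A real list would be thousands of words.
WORDS = ["marble", "kettle", "harbour", "pencil", "violet", "glacier", "saddle", "lantern"]

MIN_LENGTH = 12  # assumed policy minimum; the article gives no number

# Common symbol/digit substitutions undone before comparison, so that
# "P@$$W0rd1" is recognised as "password".
LEET_MAP = str.maketrans({
    "@": "a", "$": "s", "0": "o", "1": "i", "!": "i", "3": "e",
    "4": "a", "5": "s", "7": "t", "|": "l",
})


def normalise(candidate: str) -> str:
    """Lowercase, strip leading/trailing digits and symbols, undo leet substitutions."""
    core = candidate.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", core)  # drop wrappers like "...1" or "!..."
    return core.translate(LEET_MAP)


def evaluate_password(candidate: str) -> tuple[bool, list[str]]:
    """Apply the policy checks; returns (accepted, list of failure reasons)."""
    reasons = []
    if candidate.lower() in COMMON_PASSWORDS:
        reasons.append("on the common-password blocklist")
    else:
        core = normalise(candidate)
        if core and core in COMMON_PASSWORDS:
            reasons.append("symbol-substituted form of a blocklisted password")
        elif core and core in WORDS:
            reasons.append("single dictionary word with digits or symbols appended")
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return (not reasons, reasons)


def suggest_passphrase(wordlist=WORDS, count=3, separator="-") -> str:
    """Build a passphrase from `count` words chosen with a CSPRNG (secrets)."""
    return separator.join(secrets.choice(wordlist) for _ in range(count))


if __name__ == "__main__":
    for pw in ["123456", "P@$$W0rd1", "marble1!", "correct-horse-battery"]:
        accepted, reasons = evaluate_password(pw)
        print(f"{pw!r}: {'accepted' if accepted else 'rejected'} {reasons}")
    print("suggested passphrase:", suggest_passphrase())
```

The normalisation step is what makes the blocklist useful in practice: without it, “P@$$W0rd1” passes a naive exact-match check even though it is a trivially derived variant of the most common password. The suggester uses `secrets` rather than `random` because passphrase words must come from a cryptographically secure source.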
By following password best practices, businesses can significantly improve their security posture and reduce the risk of data breaches and other cybersecurity threats. Moreover, implementing robust password policies demonstrates a commitment to security, which can enhance trust among customers, clients, and stakeholders.
About Evolve
Evolve Business Group is an independently-owned company that specializes in providing end-to-end IT and managed network solutions to a range of businesses. Comprising the EvolveODM and GB3 brands, it helps businesses to reduce costs and simplify the management of services, giving business owners and their teams more time to do what they do best.
Founded in 2005, it has worked with a variety of clients across different industries around the world, building a team of highly experienced specialists to help create effective and efficient packages using any combination of different offerings. It keeps the networks of retail, hospitality, fast food and petroleum franchises compliant, protected and connected.
Rachel Rowlandson
In her role as the IT Service Operations Manager, Rachel stands out as an award-winning IT Service Desk Manager with an impressive track record of over 20 years in the IT support domain.
Her extensive experience encompasses all facets of IT support services, showcasing a deep understanding of IT infrastructure, service delivery, and customer satisfaction.