With both data breaches and fines on the rise, workplace password security has become more critical than ever. We have some practical tips to help.
One of the most common causes of a security breach is weak passwords, with people often reusing them for multiple or all accounts. A survey conducted by Specops Software uncovered that 51.61% of respondents share their streaming site passwords, with 21.43% unsure whether those passwords get shared with other people.
People's attitude to password security is alarmingly lax, which can have costly repercussions for businesses. $1 trillion was lost to cybercrime in 2020, according to McAfee. An estimated five billion unique user credentials (e.g. username and password combinations) that can grant access to corporate networks or bank accounts are available to cybercriminals on the darknet.
Credential stuffing describes when hackers test databases or lists of stolen credentials (i.e. passwords and user names) against multiple accounts to see if there's a match.
Phishing is a social engineering trick which attempts to fool users into supplying their credentials to what they believe is a genuine request from a legitimate site or vendor.
Password spraying is a technique that uses a list of commonly used passwords, such as 123456, password123, 1qaz2wsx, letmein, batman and others, against a user account name.
Keylogging is often used in targeted attacks. Keyloggers record the keystrokes you type and can be a particularly effective means of obtaining credentials for bank accounts, crypto wallets and other logins with secure forms.
Brute force uses trial-and-error to guess login info or encryption keys, or to find a hidden web page. Hackers work through all possible combinations hoping to guess correctly.
Plain-text exposure occurs when you write down or use your password somewhere where it can be seen in plain text.
Coercion involves no subterfuge. Somebody demands you hand over your credentials, or they threaten you.
So what should your colleagues do to reduce this risk and ensure they keep their passwords safe?
Aim for a minimum of 8 characters with numbers, letters and punctuation.
Don't use easily guessed passwords like 1234, 4321, qwerty, password and password123. Avoid using words that can be found on social media accounts - for example, family names, pets, place of birth, school, favourite holiday, or something related to your sports team or hobby.
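As an added illustration (not code from the article or from Skillcast), the check below turns the two rules above into something a workplace self-service portal could run: the 8-character minimum with numbers, letters and punctuation, a denylist built from the weak passwords the article names, and a list of personal words the caller supplies (pet, team, school). The denylist, the symbol-for-letter folding table and the personal_terms parameter are assumptions of this example, not anything the article specifies.

```python
import string

# Constructed denylist for this example: the easily guessed passwords the article names.
COMMON_PASSWORDS = {"1234", "4321", "qwerty", "password", "password123",
                    "123456", "1qaz2wsx", "letmein", "batman"}

# Longest entries first so "password123" is reported rather than just "password".
_ORDERED_COMMON = sorted(COMMON_PASSWORDS, key=lambda w: (-len(w), w))

# Assumed folding table for common letter-for-symbol swaps, so that "p4ssw0rd"
# is still recognised as "password" (0->o, 1->i, 4->a, 3->e, 5->s, 7->t, @->a, $->s, !->i).
_UNLEET = str.maketrans("014357@$!", "oiaestasi")


def check_password(candidate, personal_terms=()):
    """Return the policy rules a candidate password breaks; an empty list means acceptable.

    personal_terms holds words an attacker could read off social media
    (pet, family name, sports team, school). The caller supplies them;
    this parameter is an assumption of the example, not part of the article.
    """
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in candidate):
        problems.append("contains no number")
    if not any(c.isalpha() for c in candidate):
        problems.append("contains no letter")
    if not any(c in string.punctuation for c in candidate):
        problems.append("contains no punctuation")

    lowered = candidate.lower()
    folded = lowered.translate(_UNLEET)
    # Digit-only entries such as "1234" would be mangled by folding, so check both forms.
    haystacks = (lowered, folded)

    for weak in _ORDERED_COMMON:
        if any(weak in h for h in haystacks):
            problems.append(f"built on the common password '{weak}'")
            break
    for term in personal_terms:
        term = term.lower()
        if len(term) >= 3 and any(term in h for h in haystacks):
            problems.append(f"contains the personal word '{term}'")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "Rex" plays the role of a pet name found on social media.
    for pw in ("password123", "p4ssw0rd!", "Rex2019!", "D0gm00npu4p!e"):
        verdict = check_password(pw, personal_terms=["Rex"])
        print(f"{pw!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

The folding step matters because the article's own "three random words" example relies on substitutions, and the same trick applied to a dictionary word gives no real protection: the checker accepts D0gm00npu4p!e but rejects p4ssw0rd!.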
Avoid writing them down, sharing them with others or using the same password across multiple sites. If you must write them down, make sure you use a code that is meaningless to others.
Change your password straight away if you think someone else knows it.
The UK government's cybersecurity campaign encourages the use of three random words (e.g. dogmoonpurple) broken up with numbers and characters to substitute for letters (e.g. D0gm00npu4p!e).
Or create a string of completely meaningless letters and symbols. One way of doing this is to take a random sentence or line from a song/poem, use the first letter of each word, and then add punctuation and numbers to mix it up.
Software like Dashlane, 1Password, KeePass, or LastPass allows you to store all of your passwords behind one master password.
With two-factor authentication enabled, if someone logs in from an unrecognised device, you're sent a code (by text or email), which you have to enter to verify it's really you.
Use one of the many websites that check to see if your password has been compromised, such as Have I Been Pwned. If someone can access your email, it often means that they can easily reset other passwords.
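Have I Been Pwned's Pwned Passwords lookup is worth understanding before pointing colleagues at it, because it never receives the password itself. The client hashes the password with SHA-1, sends only the first five hex characters to https://api.pwnedpasswords.com/range/{prefix}, and receives every known hash suffix starting with that prefix as "SUFFIX:COUNT" lines, which it matches locally. The example below is added here and is not code from the article or from the Have I Been Pwned project; the fake_range_service function and its leaked-password counts are constructed so the demonstration runs offline, while live_range_service shows the real endpoint for when network access is available.

```python
import hashlib
import urllib.request


def split_hash(password):
    """Return (prefix, suffix): the 5 hex chars sent to the service and the 35 kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines (CRLF-separated in the real service) into a dict."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.strip().upper()] = int(count)
    return counts


def pwned_count(password, fetch_range):
    """Number of times the password appears in breach data, or 0 if unseen.

    fetch_range(prefix) must return the response body for that 5-character prefix;
    passing a callable keeps the k-anonymity logic testable without network access.
    """
    prefix, suffix = split_hash(password)
    counts = parse_range_response(fetch_range(prefix))
    return counts.get(suffix, 0)


# Constructed stand-in for the range endpoint: a pretend breach corpus with made-up counts.
_FAKE_LEAKED = {"password123": 123000, "letmein": 45000, "qwerty": 3900000}


def fake_range_service(prefix):
    """Mimic the real response shape: every known suffix whose hash starts with the prefix."""
    lines = []
    for pw, count in _FAKE_LEAKED.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)


def live_range_service(prefix):
    """Real lookup against api.pwnedpasswords.com (needs network; not used by the demo)."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "workplace-password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Constructed sample inputs; swap fake_range_service for live_range_service to query the real API.
    for pw in ("password123", "D0gm00npu4p!e"):
        prefix, _ = split_hash(pw)
        n = pwned_count(pw, fake_range_service)
        print(f"{pw!r}: prefix {prefix} sent, seen {n} times")
```

Because only the prefix leaves the machine, the service learns one of roughly a million hash buckets rather than the password, which is why this check is acceptable to run against real workplace credentials where sending the password to a third party would not be.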
We've created a comprehensive GDPR roadmap to help you navigate the compliance landscape, supported by a comprehensive library of GDPR Courses.
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, get priority access to our free online learning portal and other exclusive benefits.