You may have heard that people are the weakest link in any company’s defenses. Internal errors or carelessness have been at the root of some of the largest cyber breaches. Although human nature can be difficult to combat, there is one aspect of employee-related corporate security that isn’t: log-in credentials, specifically passwords. Yet every day, organizations put themselves at extreme risk by not taking password security seriously.
Did you know that until 2013, “password” was the world’s most commonly used password? In 2013, it fell to number two, and “123456” (an equally risky one) took its place. Each year, SplashData releases a list of the world’s most used passwords. We encourage you to warn your employees to avoid them. More importantly, we urge you to adopt strict corporate policies about strong passwords and how often they must be changed.
The user name and password structure we all rely upon is flawed and outdated, but it isn’t going anywhere anytime soon. The thought of transitioning the entire Internet to another form of authentication is mind-boggling. Consequently, we must keep passwords and user names as secure as possible. That’s not easy when both your firm and your employees may have upwards of 30-40 online accounts.
Here’s the bottom line: Your employees may be responsible for their passwords, but you are in charge of establishing and enforcing protocol. A study by one security solution provider found that 13 percent of users in corporate environments weren’t required to use passwords to protect their user accounts at all. Eighty-two percent were not required to change their passwords regularly, and 44 percent were not required to use sufficiently long passwords. Furthermore, 15 percent of user accounts were inactive, which potentially allows undetected, unauthorized access.
Don’t be that company. Don’t follow in the footsteps of eBay, whose cyber-breach (one of the largest in history at the time) was traced to problems with log-in credentials. Take steps to implement stringent password controls and management today. If you would like to know more about password management and policy, or have any other security-related question, feel free to email us or give us a call at 770.643.4400 (toll-free: 877.841.8069).