Bad passwords are the cause for over 80% of cyber security incidents.
Bad passwords are bad for business. ID Agent, a leading provider of Dark Web ID monitoring and protection services, recently surveyed over 2 billion passwords to find the worst problems and mistakes. The research boiled down the least secure passwords into three groups.
- Team Pride: Using your favorite team or team slogan is risky. This information about you is often easily found on social media.
- Rock and Roll: Your music preferences are also likely visible to the world on social media and in streaming services. As these services may or may not be secure, band names, song titles, and artists are high risk passwords.
- Heroes: Heroes are weak and vulnerable when they are part of your password. Our favorite hero — fictional or not — is easily discoverable and exploitable.
Bad password habits can lead to Dark Web exposure. Here are 3 ways to protect yourself.
Communicate and Educate: Consistently communicate with your team about cyber risks and the need for good password habits. Educate and guide your team to reinforce behaviors.
- Discourage reuse, sequential, iterated, recycled, or simple passwords.
- Encourage use of secure, company-approved, password vaults.
- Solve access problems to prevent the need for sharing passwords for convenience.
- Increase phishing training to avoid password compromises.
Prevent & Protect: One of the best ways to prevent breaches due to compromised passwords is to add multi-factor authentication (MFA) for every user.
- Weak user-made passwords are stronger with a second identifier.
- Stolen/compromised passwords are much harder to use with MFA in place.
- MFA is a compliance tool with HIPAA, PCD-DSS, SJIC, and other industry and legal regulations.
- Identifiers and tokens can be delivered via phone, app, or fob.
Other prevention and protection strategies include: advanced threat protection, encryption of data at rest and in motion, permissions management, and dark web monitoring. Dark Web monitoring lets you know when personal or company data is circulating, even if you have not had a breach. Third-party partner and service breaches put your systems and data at risk. As such, you should:
- Monitor the Dark Web for lists of you company’s potentially compromised passwords and available personally identifiable information (PII).
- Spot compromised passwords that employees may be reusing on our systems.
- Find password and credential threats quickly, to mitigate them faster.
Respond and Recover: Even with protections in place, cyber attacks can succeed. Whether a data breach, denial of service attack, or ransomware, be prepared to respond and recover. You want and need to get your business up and running as quickly as possible.
- Backup all company data, on premise and in the cloud, so that you can recover corrupted files quickly.
- Have business continuity solutions in place for critical systems and applications, so that you can be up and running in minutes or hours, rather than days or weeks.
Your Next Step
CPR With “CPR” in mind, learn how Cumulus Global can help you minimize your risks and maximize your recovery to ensure your business continues to run smoothly.