Does this sound familiar? “I reuse the same three or four passwords” or perhaps “I use one password for everything”.
Ask any group of end users in most organisations and the chances are that you’ll find a high number of people will use one of the above phrases. Is it really that bad to recycle passwords, or just use the same single one for all your accounts?
If you’re changing them regularly enough and the recycled passwords have the required mixture of capital letters, symbols and numerals, everything is nice and secure, right? Not so much. The truth is that these two practices are likely increasing your chances of being vulnerable to a cyber-attack which has the potential to breach your defences and steal your data! Unfortunately, all password policies for individuals and corporations must change to keep up with the ever-evolving cyber criminals!
The risk of being hit by a cyber-attack is now much more a case of not IF, but WHEN you’re attacked. The dark underbelly of the internet is always looking to exploit any weakness in your online defence. As new cyber security solutions and patches are developed, these online criminals are constantly developing new ways to break through the defences. They create their own algorithms and solutions to help them break your passcodes. In order to be as secure as possible, and keep ahead of the cyber criminals, your passwords should change often and be complex. The easiest way to achieve both is to be creative!
What’s your favourite January event? “Hitting the gym like a possessed fiend!” = January’s password could be HitThatGymMeanitResolution, for example. How about February? “Valentine’s and chocolate” = February’s password could be Lovedup!ChocolateforMe. For corporate passwords, perhaps use directors’ titles each month, or product names and parts of the company address: DeliverydriverFredGreenteam, for example.
Reusing old passwords is fine if the password has not been compromised before, but how would you know? On the dark web you can buy digital credentials used by businesses for their critical business applications, as well as online services that are compromised and sold.
If you’re allowing the reuse of passwords it’s just a matter of time before an attacker gets lucky and someone, somewhere on your network, starts using a password that’s out there in the world. If that password is the same for multiple systems, then inadvertently someone may have just handed over the Keys to your Kingdom!
Here are five tips direct from the Mirus Tech team that we use as part of our best practice to keep our clients safe.
1. Maintain regular changes to your passwords. Many people in business do share their passwords around to key team members. This means staff can log in as each other, and this can also create problems when staff leave. A compromised password creates issues via phishing/social engineering, and leaving it unchanged only exacerbates and extends the breach.
2. St0p us1ng compl3x1ty. This only creates headaches for end users, who will be forever sending reset requests because they have forgotten the symbol or numerals used. It’s also much easier for cyber criminals to use their software to work out the potential password.
3. Enforce original passwords. Don’t let people have the option of reusing a password. This way, if somehow your passwords are out in the marketplace, once you have completed tip 1 you’ll have removed the risk to your business.
4. Screen new passwords against common and compromised passwords. There are services out there that hold databases of compromised passwords and the passwords most commonly used. Using these as a suppression list for passwords just adds another layer to your protection policy.
5. Educate the workforce. One of the biggest challenges facing IT security is the end user. What may seem like a common-sense choice to the uneducated can be the worst choice. Educating your end users as to the dangers of sharing passwords and using one single password for everything can really make a difference when it comes to a breach.
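Tips 3 and 4 can both be enforced at the moment a password is changed. The sketch below is an added example, not Mirus's own tooling: it rejects a new password that appears on a suppression list or matches the user's stored password history. The list entries, function names and PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample suppression list (SHA-1 digests). A real deployment would
# load a far larger list of common and breached passwords from its provider.
COMPROMISED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("password", "123456", "qwerty123", "letmein")
}
PBKDF2_ROUNDS = 600_000  # assumed work factor for stored history hashes

def _history_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def new_history_entry(password: str) -> tuple[bytes, bytes]:
    """Return (salt, hash) to store when a password is set; never the plaintext."""
    salt = os.urandom(16)
    return salt, _history_hash(password, salt)

def is_compromised(candidate: str) -> bool:
    # Check the exact string and its case-folded form, so "Password" is caught
    # by a list entry for "password" (a policy choice assumed here).
    forms = {candidate, candidate.casefold()}
    return any(hashlib.sha1(f.encode()).hexdigest() in COMPROMISED_SHA1 for f in forms)

def is_reused(candidate: str, history: list[tuple[bytes, bytes]]) -> bool:
    # Re-hash the candidate under each stored salt; compare in constant time.
    return any(hmac.compare_digest(_history_hash(candidate, salt), digest)
               for salt, digest in history)

def screen_password(candidate: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return the reasons to reject a new password; an empty list means accept."""
    reasons = []
    if is_compromised(candidate):
        reasons.append("compromised")
    if is_reused(candidate, history):
        reasons.append("reused")
    return reasons

if __name__ == "__main__":
    past = [new_history_entry("HitThatGymMeanitResolution")]
    for pw in ("Password", "HitThatGymMeanitResolution", "Lovedup!ChocolateforMe"):
        print(pw, "->", screen_password(pw, past) or "accepted")
```

Because the history holds only salted hashes, the reuse check works without the system ever keeping old passwords in readable form.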
At Mirus we remain dedicated to maintaining cyber security and data protection for our clients and our own business. These five points are just part of a much wider and proven best practice that we employ. If you have concerns about your vulnerabilities don’t leave them until you are trying to rescue your data or bring services back online.
Prevention is much better than cure!