By Rob Sobers | Sr. Director, Varonis
How protected is your company against security breaches? If you don’t have strict password policies in place, you may be more vulnerable than you think.
According to the 2017 Verizon Data Breach Report, 81 percent of hacking-related breaches leveraged stolen and/or weak passwords. If your cybersecurity policies don’t include password best practices, like requiring complex passwords or mandatory password expiration, you could be putting yourself, and your data, at risk.
This is especially true given how lax people are when it comes to their everyday password habits. According to a study conducted by Varonis, the majority of Americans aren’t following password best practices in their own digital lives.
The study, which surveyed 1,000 Americans about their password habits, found that most are engaging in online practices that don’t meet best cybersecurity recommendations. For example, the majority of Americans, 51 percent, admitted to only changing their passwords when they forgot them — 17 percent admitted to never changing them at all.
Password management is also lax overall: 57 percent of people surveyed said they remember their passwords through memorization, which is directly contrary to best practices that say passwords should be complex, including a mix of upper- and lowercase letters and numbers. Additionally, best practices dictate that different sites should have different passwords.
In addition to those using memorization to keep track of their logins, 25 percent of people allow their browsers to save their passwords, and 11 percent manually write them down, even though keeping your login information accessible in plain text isn’t recommended. Only 7 percent of people use password management software, which is the method most recommended by cybersecurity experts.
Other key takeaways from the study include:
- Despite the increasing number of hacks in the news cycle, only 1 in 5 Americans said they change their password as a result of hearing about a hack
- Banking and loans passwords are the most often changed, at 29 percent
- Men are more likely to use a password management tool than women, at 63 percent vs. 37 percent
If your employees are using these poor password practices inside your organization, you’re at risk of a security breach. And while cyberattacks may seem like something only large corporations deal with, smaller companies are just as much at risk. In fact, according to Verizon, 61 percent of breach victims in 2017 were businesses with under 1,000 employees.
So, how can you ensure that your employees aren’t carrying over their poor digital habits into the workspace? To protect against weak passwords, implement password best practices, including:
- Require complex passwords. Passwords should be between eight and 10 characters long and require a mix of uppercase and lowercase letters, symbols, and numbers. Ideally, passwords should be meaningless, which means forbidding the use of personal information or dictionary words.
- Require different passwords for different accounts. This ensures that if one account becomes compromised, others won’t be.
- Discourage password sharing. Don’t share passwords over email or in person. If your business requires that different employees access the same accounts, invest in a password management system like LastPass, which makes the process more secure.
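The first two rules above can be checked automatically. The sketch below is an added example, not code from the article or from Varonis: the function names, the tiny `DICTIONARY` word list and the `LEET` substitution table are assumptions made for illustration, and the length bounds default to the range the article states.

```python
import re

# Constructed sample data (assumptions for illustration, not from the article).
DICTIONARY = {"password", "welcome", "dragon", "summer", "monkey"}
# Undo common look-alike substitutions: 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, @->a, $->s, !->i
LEET = str.maketrans("013457@$!", "oieastasi")

def normalize(text):
    """Lowercase and reverse common substitutions (P@ssw0rd -> password)."""
    return text.lower().translate(LEET)

def policy_violations(password, personal_terms=(), min_len=8, max_len=10):
    """Return the rules from the checklist that `password` breaks."""
    problems = []
    if not min_len <= len(password) <= max_len:
        problems.append("length")
    classes = {
        "uppercase": r"[A-Z]", "lowercase": r"[a-z]",
        "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing " + name)
    flat = normalize(password)
    letters_only = re.sub(r"[^a-z]", "", flat)
    # "Meaningless" check: no dictionary word, even when disguised.
    if any(word in letters_only for word in DICTIONARY):
        problems.append("dictionary word")
    # Personal details (name, birth year, ...) supplied by the caller.
    if any(len(t) >= 3 and normalize(t) in flat for t in personal_terms):
        problems.append("personal information")
    return problems

def reused_passwords(vault):
    """Group account names that share one password (vault: account -> password)."""
    seen = {}
    for account, password in vault.items():
        seen.setdefault(password, []).append(account)
    return sorted(sorted(accts) for accts in seen.values() if len(accts) > 1)
```

A password such as `P@ssw0rd1` satisfies every character-class rule yet is still reported as a dictionary word, which is why the "meaningless" requirement has to be checked separately from complexity.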
In addition to these rules, you should use multi-factor authentication whenever possible, and continuously update your team on password best practices as they evolve. You should also monitor your network for breaches, and perform company audits regularly, to ensure that your cybersecurity policies are being followed.
Despite the increasing number of hacks in the news and Americans’ real-life experiences with data breaches, the majority of people aren’t following password best practices in their daily lives. Be sure to implement strict password policies within your organization to guard against an unnecessary security breach.
Rob Sobers is a Sr. Director at cybersecurity firm Varonis. He has been writing and designing software for over 20 years and is co-author of the book Learn Ruby the Hard Way, which has been used by millions of students to learn the Ruby programming language. Prior to joining Varonis in 2011, Rob held a variety of roles in engineering, design, and professional services.