If it’s so easy, why are so many companies still getting caught out by hackers?
The simple answer is that it’s all a bit too much hassle. Cyber threats are a daily problem for businesses of all sizes. Everyone knows the risks, but despite all the news reports and constant warnings, trends demonstrate a huge hike in data breaches and hacks over recent
The use of mobile devices for work has enabled us to become immensely more productive and flexible with our time. But without proper management it’s also created the perfect opportunity for cyber criminals to make money (and lots of it). Proper robust passwords can be notoriously onerous to manage. So many companies simply pass it off as a job too time-consuming to do anything about. Even when faced with the ever-increasing risk of data loss, downtime and public naming and shaming, bosses everywhere are still burying their heads in the sand and hoping it all goes away.
When employees leave a company on bad terms, countless organisations fail to put the correct procedures in place to protect their critical data. Even when password policies are written and shared with staff, they’re still not being enforced. A 2019 report from Yubico revealed that despite an increase in understanding about cyber crime and password best practice, behaviour is still falling short.
Look in any office and you’ll still find people:
• Sharing login details
• Scribbling passwords on Post-it notes and sticking them on their computer screens
• And failing to keep schedules for password changes
You might just as well build a house with straw and put a big sign outside saying “Dear Mr Wolf, please steal all my stuff and eat me for breakfast”.
Both Yubico’s report and the first ever UK Cyber Survey, conducted by the National Cyber Security Centre (NCSC), identified scary password statistics that are putting businesses everywhere at risk. Here are five of them – read them and weep:
1) Two in three (69%) of users still share passwords with colleagues to access information.
2) Over half (51%) of users use the same passwords for work and personal accounts.
3) 57% of people who have already fallen prey to phishing attacks still haven’t changed their passwords.
4) 23 million account holders are still using 123456 as their password, even though it’s been proven to be just about as effective as the proverbial chocolate teapot.
5) 57% of people said they find password management an irritation that stops them doing their jobs, so they don’t bother with it.
Here are our top 12 rules for good password hygiene:
1) Use a random password generator to set a strong password
2) Never re-use passwords
3) Never write your password down
4) Never share login details
5) Block access for past employees as soon as they leave the building – even if there’s no bad feeling between you
6) Don’t use easy-to-guess passwords like football teams, special dates or children’s names. Just a quick social media search can provide plenty of clues about seemingly unguessable passwords
7) If you don’t use a random password generator, be creative about passwords by combining random but memorable words
8) Use a password manager to do the hard work for you, so you never have to be annoyed by passwords
9) Consider using multi-factor authentication to provide an extra layer of security
10) Make sure everyone in your organisation is trained in cyber awareness and understands how to identify common threats
11) Keep the password policy on your shared drive and ensure everyone signs to acknowledge they’ve received and read it
12) Provide a contact person who will act as the main individual responsible for password security.
A call to arms for more robust cyber security in your business
As the head of your company or team, it’s up to you to set a good example. Never share your login details with anyone, and make it clear to everyone that doing so will be treated as a serious offence. If people continue to sidestep the rules, you’ll have to get tough – this is your company’s reputation and money at risk. Your password policy should become an essential document in your organisation that forms part of its overall culture. Make sure everyone reads it, signs it, and is made aware of what will happen if they continue to wilfully disregard it.