Three steps to more secure employee passwords on World Password Day
Passwords are often more associated with individual and consumer cyber security, but they are an essential part of an organisation's overall security posture. For example, you wouldn't leave the windows open overnight as this would allow easy access into the building for thieves. In the same way, a weak password offers cyber attackers easy access to your corporate infrastructure, after which they can use these credentials to escalate permissions until they have granted themselves administration privileges, at which point the risk of financial and reputational damage becomes truly serious!
Consider the worst passwords of 2020 (all real examples!) and how easy they would be for cyber criminals to crack:
So how can you ensure the passwords used throughout your organisation are strong and secure? We suggest three simple steps:
With online shopping, banking, social media, etc. now part of our daily lives, most people have lots of passwords to remember. For the sake of convenience, it's tempting to use the same password for everything, with 51% of people using the same passwords for both work and personal accounts. However, when personal security is breached (via Facebook or LinkedIn, for instance) and the person is using the same passwords for everything, cyber criminals will be able to gain access to the corporate infrastructure. Employees should therefore use a password vault, so they can use more complex, unique passwords for each login without needing to remember them or keep track of them in an insecure fashion.
The pandemic, and the resulting move to remote working, has drastically impacted password security over the past year, with VPN connections representing a major concern. Many employees are opting for 'easy' passwords because many VPN solutions are not able to understand some special characters, which are an essential element of any strong password. In fact, some employees are not connecting to their VPNs at all, which makes it a lot harder to update and change passwords, because they are not connected to the infrastructure on a regular basis. Organisations must highlight the importance of being connected to the VPN to their employees, whilst also ensuring their chosen VPN solution allows employees to use special characters in their passwords for optimal security.
An essential part of robust cyber security is multi-factor authentication (MFA), where a user must provide two or more verification factors to gain access to resources, such as a written password and a confirmation of the sign-in via a mobile device. This is key for a strong Identity Access Management strategy, but not enough organisations are deploying MFA as they fear it is too confusing for their employees. However, this is not true. MFA solutions offer organisations quick integration, easy management, a seamless user experience and, critically, an additional layer of password security.
Ultimately, if organisations provide employees with access to password vaults, ensure they are connected to the VPN (which enables special characters in passwords) whenever they are working remotely, and implement MFA for all sign-ins, they will significantly decrease the risk of being hacked. If you are in any doubt about the effectiveness of your existing corporate password policy and the supporting solutions, seek the advice of a trusted cyber security partner.