Data Breaches and Weak Passwords: A Love Story
Data breaches and malware attacks make headlines every day – and huge, household names are no longer the sole target. Small and mid-sized businesses are increasingly being targeted by cyber criminals and hackers who seek to exploit the brand for their own purposes. Tracking down and eliminating sources of risk can help prevent data theft and ensure that your own business doesn’t fall prey to a hacking attempt.
According to the Verizon DBIR, 81% of data breaches could be traced to a weak or reused password.
Data breaches and weak passwords go together like peanut butter and jelly. They are inextricably linked, forever together. Unless, of course, you invest in a password manager to break poor employee security habits by enabling strong password behavior through a convenient, reliable solution.
Your Loyal Employees Could Be Your Greatest Risk
Malicious insiders like Edward Snowden are not as common as headlines may lead you to believe, but your own loyal employees may be putting your business at risk. Your front office staff, your marketing team and your data entry folks would never deliberately put your organization in jeopardy, but if they fall for a phishing scam, fail to take proper precautions for password safety, or simply get fooled by a social engineering hack, your brand will suffer.
Common Risk Factors Caused by Employees
Phishing: An employee who clicks a link in an email, opens an attachment or replies to a phishing attempt could expose your entire network to risk. They won’t do it on purpose; but if they are not tech savvy, educated and aware of the latest scams, then your team could fall prey to a hacker. According to recent statistics from the FBI, the number of ransomware attacks is at an all-time high – and it continues to grow every month.
Phishing is the first step a hacker makes when they are ready to deliver a packet of ransomware – and lock you out of your own network until you hand over some cash. Education, awareness of the risk and clear protocols for dealing with suspected phishing attempts can help protect your entire organization.
[READ: Interested in running your own phishing test? Learn how here.]
Password Fails: Perhaps the largest risk of all is the way your employees handle passwords. From posting login credentials in a too-public setting (the front of the monitor, on the wall, on the keyboard) to revealing those credentials to someone else or simply choosing a terrible password, the way your team handles login credentials could disrupt your brand.
Workers who place login credentials on a post-it note on the wall, monitor or on the desk are opting for convenience over security. While posting passwords in a visible place ensures the employee can log in as needed, it also exposes those credentials to anyone in the area. Anyone entering your office can easily view this information and potentially access your network. Complacency and convenience could put your entire network at risk.
Social Engineering: Less common, but still a risk is the prospect of outside influence. From offering an outright bribe to faking romantic interest to gain access to an employee’s password, hackers use a variety of methods to prey on unsuspecting employees. While social engineering is not as common as some other forms of trickery used to exploit your team, it is something to be aware of and to warn your team about.
Your more tech savvy team members would never dream of posting credentials on paper – -but they could be making other common password errors. According to Entrepreneur, some of the worst passwords of 2017 are also the most obvious candidates – qwerty, 123123 and admin top the list of terrible password choices.
For both those workers who post passwords in public places and those who choose ridiculously easy login credentials, the easiest solution is employee education and a robust password manager to protect your organization.
Protect Your Business From Data Breaches: Use a Password Manager
A password manager can protect your organization from the most common employee risk – sloppy password selection and protection. A password manager ensures that weak passwords and poorly chosen credentials can’t wreak havoc on your organization’s data security.
Prevent data breaches and loss by helping your team keep track of passwords; and prevent convenience (reused passwords) from winning out over common sense (strong passwords) when it comes to password use. One single master password is used by the employee – and the password manager stores all other credentials, issuing complex and unique credentials for each account and login.
By using a password manager to handle credentials, your organization can dramatically reduce the risk of a data breach and ensure that your network is not left exposed to anyone who wishes to exploit you.
Sign up to receive news and updates about Dashlane