Bad Passwords are Bad Business

Cybersecurity is a top concern for every business in 2020. Data breaches, hijacking, ransomware, and other threats are in the news daily. In just the first six months of 2019, reported data breaches exposed more than 4.1 billion records. 67% of reported breaches and 84.6% of the records that were exposed from those attacks belonged to businesses and organizations. But the most alarming statistic is that a whopping 65% of those breaches were caused by one simple thing - passwords.

Whether passwords are acquired on the Dark Web, stolen, scraped, guessed or cracked, there’s no doubt that password theft is the easiest and fastest way for cybercriminals to gain access to critical components of any organization. One password can unlock the door to a company’s client records, communications, trade secrets, proprietary information, financial data, employee personal information, systems, and more – every nook and cranny of a business.

Password related breaches are the leading cause of data loss. Incidents like the 2016 Dropbox data breach, in which 60 million user credentials were stolen, started with a single employee reusing a password at work. The most fundamental way that a business can protect itself from cybercriminals is by taking password security seriously and building better passwords. The first line of defense for any business against cybersecurity threats is its staff. By practicing safe and smart password habits, staffers can create a significant barrier against attacks from cybercriminals.

Big businesses may seem like the most attractive targets for cybercriminals, but the majority of system breaches were reported by small and medium-sized businesses that were classified as having a low to moderate severity score and involved the exposure of fewer than 10,000 records. With just a few keystrokes, insecure passwords can allow bad actors to quickly access a company’s data and systems, causing severe business disruptions and losses. Every business is vulnerable to cyberattacks with the potential to cause major financial and reputational damage, and password security is the fastest way to bolster a company’s defenses.

Stolen Passwords Can Cost you A Fortune

Cybercrime is a big business - the estimated annual cost to the global economy from cybercrime is $445 billion a year. In the United States alone, the average annual cost of cybercrime rose 29 percent in 2018, to $27.4 million. One incident or data breach can have a huge impact on a company’s bottom line, and the most common way that a company’s data gets compromised is through stolen, mishandled or cracked passwords.

Insecure and stolen passwords can make companies vulnerable to devastating cyberattacks that result in serious losses in revenue and make it impossible to do business. In a Pew Research Center survey of businesses that fell victim to cyberattacks in 2018, 41 percent reported losses from business interruption (down from 44 percent in 2018). About 35 percent said they suffered losses from data loss or corruption (up slightly from 33 percent in 2018), and 24 percent said they suffered losses from data breaches (up from 23 percent in 2018).

Smarter, safer password habits and two-factor authentication are two easy ways to avoid the big bills that come from repairing the damage caused by a data breach. The global average cost of a data breach is $3.92 million, up 12% from 2018 and climbing. Data breach costs are the highest in the United States, where the average cost of a data breach is $8.19 million – an increase of 61 percent over 2018. Bad passwords can also be the stuff of regulatory nightmares as more state legislatures enact hefty fines for mishandling of sensitive information. Healthcare is the most expensive sector for a data breach with an average cost of $8.19 million. In addition to the cost of the breach itself, a data breach can also incur stiff penalties from regulators. The MD Anderson Cancer Center at the University of Texas was fined $4.3 million for one 2018 incident involving poorly secured systems access.

Any successful cyberattack can have a devastating impact on a company’s reputation with both clients and business partners. 46% of Americans are moderately confident that the companies that they do business with are prepared to protect their sensitive personal and business data. But almost half of them believe that the sensitive data that businesses have collected is less secure than it was five years ago - and they’re right. Cyberattacks increased by 20% in 2019, and a compromised password is an easy way for cybercriminals to mount a successful attack.

No one wants to do business with a company that can’t keep their data safe. 69% have refused to open an online account or provide personal information to a business because they don’t trust the company to protect their data. Building confidence in an organization’s ability to protect sensitive data for its clients and business partners starts with demonstrating that the company has a solid cybersecurity plan in place. Strong password defenses like two-factor authentication and a commitment to password protection are an essential part of that plan.

How Are Bad Passwords Born?

There’s more to maintaining password security than just having staffers change their passwords occasionally or add a few special characters to the mix. A proactive strategy for password management is an essential component of every cybersecurity plan. In the era of The Internet of Things, everyone is managing multiple passwords. Between work and personal systems, one person might need to manage as many as 135 different platforms that require a variety of login credentials. The sheer volume can lead to dangerously sloppy password handling. People use a variety of potentially unsafe methods to keep track of their login information, from personal rubrics to scraps of paper, with varying risks to a company’s cybersecurity. The best-laid plans for cybersecurity can easily fall victim to attack because of a bad or mishandled password.

One of the easiest ways for cybercriminals to obtain the keys to a company’s systems and information is by stealing passwords from employees with bad password storage habits. In a 2019 Pew Research Center cybersecurity study 49% of respondents said that they keep the passwords to some of their online accounts written down on a piece of paper – with 18% saying that this is the method they rely on the most. Other methods of password storage can be almost as dangerous as a piece of paper. 24% of respondents said that they keep track of passwords in a digital note or document on one of their devices, frequently in insecure plain text. Only 18% of respondents reported regularly using password storage features in software or specialized password storage tools, and often these tools are inadequate for the job with their own weak or easily obtained passwords.

Unsafe password handling and storage aren’t the only ways that bad actors can steal passwords. Easily cracked or easy–tofigure out passwords can give cybercriminals access to business data and systems just as quickly as a password on a sticky note. Thousands of passwords are sold or traded every day on the Dark Web, and cybercriminals have many tools at their disposal to steal, clone or crack even aboveaverage passwords. The most secure systems are only as strong as their weakest password.

Don'tRecycle, Reduce, or Reuse Passwords

Every day, thousands of new passwords are generated by staffers and for use in business systems and left to their own devices employees will generate bad passwords. The majority of staffers that are allowed to generate their own passwords will use home-brewed formulas made up of words and numbers that are personally important to them for easy recall. 59% of Americans use a person’s name or family birthday in their passwords, 33% include a pet’s name, and 22% are composed of their own name. Most people will choose passwords that can be divided into 24 common combinations, making it easy for cybercriminals to determine possible passwords based on social media data using simple tools. Lists of common passwords and combinations are easy for them to find in password dumps and on Dark Web forums.

It’s not just badly chosen new passwords that provide criminals with an easy route into your systems. Recycled passwords are a common and pernicious password security problem for every business. Over 70% of employees reuse passwords at work, including passwords that they use on their personal devices and accounts. Some workers don’t even bother making any changes to their favorite password when they recycle it at work - 39% of people surveyed say that most of their passwords across both their work and home applications are identical.

In many cases, businesses that allow employees to use unsafe, self-generated passwords can never be sure who exactly has a password that could potentially access their systems and information.

It’s common in many businesses for employees to share passwords among themselves to eliminate everyday pain points, creating security risks. But more worryingly, 41% of adults have shared the password to one of their online accounts with friends or family members, and that password could be the one that they use to access sensitive data or proprietary information at work. Younger adults are especially likely to share their passwords with others - 56% of 18- to 29-year-olds do so regularly.

Even if they’re not recycling their personal passwords at work or using their children’s birthdays as a password, improperly trained employees can still employ other unsafe password practices that create vulnerabilities in an organization’s cybersecurity. Many people use a series of passwords or a certain sequence of password elements to generate their passwords and login credentials for a variety of applications both at home and at work. People under the age of 50 are especially likely to use a series of passwords that are very similar to one another and 45% of internet users ages 18 to 49 iterate their passwords in a specific sequence for use in professional and personal applications.

Password safety also comes into play when considering how employees use technology. In this mobile internet world, a staffer is just as likely to be finishing up a report at a coffee shop as they are at their desk. Bad passwords combined with unsafe Wi-Fi networks create even bigger risks for businesses when people use their company devices outside of the office - and 54% of people surveyed reported that they regularly use public Wi-Fi networks with their work devices. When they’re accessing company systems and data in this way with insufficient password protection, staffers unwittingly provide cybercriminals with opportunities to scrape data and gain passwords, giving them a back door to sensitive business systems and information.

Good Passwords are Great Weapons Against Cyberattacks

Good passwords are a foundational element in building a strong defense against cybersecurity threats. Improving password generation, storage, and security makes it harder for the bad actors that are trying to penetrate a company’s cybersecurity system to find that easy access point that lets them get a foot in the door – and straight into the heart of an operation.

Improving the security of a company’s data and system access points means making a commitment to implementing good password habits in every department and at every level. From the interns to the CEO, any password that accesses any company systems must be securely generated and securely handled. Creating and executing a plan for improvement doesn’t have to be challenging, and it isn’t complicated. By adopting an easy, 3-part strategy to improve password security, most companies can see considerable improvements in cybersecurity very quickly. Rapid improvement can come from:

• Providing Training Most of a company’s non-IT staff is likely completely unaware of the dangers presented by insecure passwords, and the IT staff may even need a refresher. Explain to staffers at every level that insecure passwords and sloppy password storage practices can create serious cybersecurity threats that put both systems and information at risk, including employee personal financial data. Explaining the problem isn’t enough, however. Increased awareness about bad password practices and handling must be complemented by password security training. It does no good to simply fire off emails and have a few meetings about password security. Train every staffer in password security including storing and generating passwords.
• Providing Solutions Implementing good password habits is impossible without the right tools. In addition to undertaking an employee training program to promote password security, provide real hassle-free solutions that help staffers maintain strong, secure, and safely stored passwords. Make these tools requirements for every employee at every access point. Providing password management solutions can equip staffers to safely create, manage, and store their passwords quickly and easily.
• Providing Two-Factor Authentication Deploy two-factor authentication for every account. Even complex, perfectly crafted passwords can be compromised. These days, a strong password alone may not be enough to protect against every cyberattack. Two-factor authentication changes the equation. A combination of solutions that includes multi-factor authentication, single sign-on protections, and identity management tools is a critical component of any defensive strategy, bolstering and augmenting the safety of data and systems at every access point.

Passly Provides Serious Security That Prevents Serious Trouble

Secure identity and access management is an essential asset to protect businesses from many of today’s most devastating cyberattacks. That’s why more than 40 percent of CISOs named secure identity and access management as their top priority over improving endpoint security and updating legacy infrastructure.

Passly is the ideal solution to answer the call. This multifunctional dynamo combines the most highly recommended mitigations against access-based cybercrime, like credential stuffing and password compromise, into one simple solution, thereby saving you time, money and headaches.

Passly includes:

• Multifactor Authentication (MFA) Universally recommended as a cybersecurity best practice by cybercrime experts at CISA (The US Cybersecurity and Infrastructure Security Agency) and the FBI, multifactor authentication throws up a roadblock between cybercriminals and your systems and data by requiring a second identifier for access. MFA is also a compliance requirement in many industries.
• Single Sign-On Control your access points with ease by assigning unique single sign-on LaunchPads to every user. Adding and removing access to tools like business applications and databases is a snap, giving this feature extra potency as a quick way to quarantine a potentially compromised user account.
• Secure Shared Password Vaults Keep your company’s most critical passwords in a central repository with maximum protection, enabling your IT team to access needed passwords for essential hardware and software, like servers and software administration functions, quickly and safely in the event of an emergency.
• Fast, Easy Deployment and Management Seamless integration with over 1,000 common business applications, including O365, Google Drive and more (with customization available for specialty applications), combined with intuitive remote management tools means that Passly gets to work quickly, adding strong protection in days, not weeks.

Don’t wait until it’s too late to add the protection you need to keep your systems and data safe from expensive cybercrime disasters. With Passly, effective, cost-effective protection is within reach for every organization out there.

Password Security Is Essential

Taking password security seriously is a simple and immediately effective way to increase cybersecurity. Good, strong, hard-to-duplicate passwords are a fundamental component of a robust cybersecurity strategy and a powerful tool to deploy in any company’s defense against cyberattacks. By making it harder for bad actors to figure out or steal company passwords, it becomes harder for them to gain entry to a company’s protected information and systems. Explaining to staffers the importance of password security and providing them with the training and tools that they need to do their part is an essential step to take toward thwarting costly, damaging cyberattacks. Implementing strong password security practices and encouraging staff to take password security seriously is a forward-looking strategy that pays immediate dividends in increased protection from cybercriminals and helps bolster the kind of strong cybersecurity defense that sets businesses up for future success in repelling cyberattacks.