Password Management Guide - Aeko

Password Management Guide: Securing Your Business

We often hear companies say that they aren’t concerned about cyber security or using a password management system because they’ve never been hit with a ransomware attack or experienced a data breach. The former Executive Chairman of IBM, Ginni Rometty, said cybercrime is “the greatest threat to every profession, every industry, every company in the world.” Former FBI Director James Comey stated, “There are two kinds of companies in the United States: There are those who’ve been hacked … and those who don’t know they’ve been hacked.” 

The conversation around cyber attacks should be based on the assumption that every company will eventually be affected. Businesses need to make a focused, conscious effort to make cyber security a priority and to protect their company, employees and clients.

Can Cybercriminals Access Your Data Easily?

You’d be surprised to learn just how easy it is for cybercriminals to get into your personal information. Weak passwords are the most popular method of entry, and a significant number of people don’t follow good password hygiene practices.

Here’s the good news: You can bolster your cyber security efforts by following these best practices.

Cybercriminals can crack weak passwords in a matter of seconds using automated tools. “A hacker needs roughly two seconds to crack an 11-character password made up of numbers,” says Alex Balan, director of security research at security company Bitdefender. If your password is more complex, with alternating numbers, symbols and uppercase and lowercase letters, the time needed to crack your password jumps to 400 years.

But there’s a problem associated with creating complex passwords. 

Keeping track of multiple passwords makes people create easy-to-remember (and easy-to-guess) passwords. 

A GitHub page for OWASP’s SecLists project shows the top five most popular passwords across the globe are:

  • 123456
  • Password
  • 12345678
  • qwerty
  • 123456789

Equally concerning were Google’s findings that almost a quarter (24 percent) of Americans have used some variation of the following weak passwords: 

  • abc123
  • Password
  • 123456
  • Iloveyou
  • 111111
  • Qwerty
  • Admin
  • Welcome

If your password is one of these, it’s a sign you should change it immediately.

Security Isn’t Something You Can Ignore

It is your responsibility to keep your company safe. Being aware of your security risks is critical, because ransomware, data breaches and other attacks are not hypotheticals; they happen with increasing regularity and impact.

You need to understand what proper password hygiene practices will do to help you protect yourself, and what responsibilities you need to take to ensure your business is secure.

Password Management Guide: What Strong Passwords Look Like

Experts across the board agree that a strong password should be unique and contain a combination of letters, numbers and special characters. While password complexity helps in the long run, length matters much more. The experts recommend a minimum of 12 characters, or more if possible.

Keep in mind: A 12-character password takes 62 trillion times longer to crack than a six-character password.

Here’s the thing: if a computer could crack a six-character password in one second, it would still take more than two million years to crack a 12-character password.

Here are some more expert tips from our cyber security team:

  • Never reuse the same or similar passwords. Use a different strong password for every account.
  • Don’t write passwords down in the office. Whether it’s on a sticky note, in a notebook or a file on your computer, writing down passwords is simply bad for security.
  • Longer is better. Ensure each password is unique and not easily guessable.
  • Sign up for data breach notifications. While the relevant company should tell you if your data has been exposed, signing up for a service like Have I Been Pwned? will increase your chances of hearing about a data breach before it’s too late.
  • Change your password after a data breach. If you discover your information has been breached, you should change your password right away and check that there has been no unusual activity on the account.
  • It’s best to use a “passphrase” that is long but easy to remember, easy to type and hard to guess. Pick something that only you would know. For example, the phrase “I Love Pizza with Onions!” becomes “IL0v3Pizz@with0ni0ns!” Easy to remember, easy to type, hard to guess and, at 21 characters, VERY difficult to crack.
  • Use multi-factor authentication (MFA). In a 2019 blog post, Microsoft manager Alex Weinert stated, “Based on our studies, your account is more than 99.9 percent less likely to be compromised if you use MFA.”
  • Watch out for phishing emails and sites. These use social engineering to steal personal information such as account credentials and banking information.
  • Monitor your accounts. Check your online accounts regularly for any suspicious activity.
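Several of these tips can be enforced automatically when a password is set. The Python sketch below is an added example, not part of the original guide: it checks the 12-character minimum, variations of the weak passwords listed on this page, personal details such as a name or birth year, and reuse of the same or a similar password. The function names, the substitution table and the sample values are assumptions made for illustration.

```python
import re

# Weak passwords quoted on this page (SecLists top five and Google's list).
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "123456789",
    "abc123", "iloveyou", "111111", "admin", "welcome",
}
MIN_LENGTH = 12  # minimum length recommended in the guide

# Assumed table of common character swaps, so "P@ssw0rd" reads as "password".
_LEET = str.maketrans("0134579@$!", "oleastgasi")


def core(password):
    """Lowercase, drop trailing digits/symbols, undo common substitutions."""
    stem = re.sub(r"[^a-z]+$", "", password.lower())
    return stem.translate(_LEET)


def variants(password):
    """Forms of the password to compare against the common-password list."""
    low = password.lower()
    no_symbols = re.sub(r"[^a-z0-9]+$", "", low)  # "abc123!" -> "abc123"
    return {low, no_symbols, core(password)}


def screen_password(password, personal=(), others=()):
    """Return the list of problems found; an empty list means it passed.

    personal: the user's name, birth year, etc. (hypothetical inputs)
    others:   the user's other current passwords, as a password manager
              would have them available inside its vault
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if variants(password) & COMMON_PASSWORDS:
        problems.append("common_password")
    low, stem = password.lower(), core(password)
    tokens = [t.lower() for t in personal if len(t) >= 3]
    if any(t in low or t in stem for t in tokens):
        problems.append("personal_info")
    if any(password == o or (stem and stem == core(o)) for o in others):
        problems.append("reused_or_similar")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for pw in ("Password", "P@ssw0rd123!", "IL0v3Pizz@with0ni0ns!"):
        print(pw, screen_password(pw, personal=("Dana", "1985")))
```

A list of ten passwords is only a demonstration; a production check would compare against a full breached-password corpus.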

What Else Should I Be Aware Of?

After hearing about what actions you need to take to secure your passwords, you might be wondering if there are any other pertinent tips we can offer. If you want to learn more, feel free to contact us or book a meeting so we can help. 

We’ve also created the “Super Simple Password Management Guide for the Office (And Beyond),” a free download to help you make sure your cyber security is actively protecting your business at full capacity. It’s a free resource that could save you time, money and damage from a cyber attack.

Does your password have your name or birthday in it?

If so, you might not be following proper password hygiene practices. In fact, 59 percent of people do this and put themselves at risk for cybercrime. Additionally, over 70 percent of passwords are used for more than one platform or app, meaning if cybercriminals get one, they can access a lot more of your accounts.

Our free Super Simple Password Management Guide will give you the best password hygiene practices to protect you and your business from cybercrime.
