Passwords are the gateway to company data. How do your security practices measure up?
Creating a password oftentimes feels like a means to an end. With a bevy of work and personal accounts, the simple act of logging in can be arduous. It’s only natural that we create—or worse, reuse—a simple and memorable-to-us (read: weak) password.
In fact, according to Verizon’s Data Breach report in 2018, 70% of individuals in the United States reuse the same password across multiple (or all of) their accounts, and many people use the same password for personal and work accounts. According to a recent study by Dashlane, 22% of respondents have no discernible system for remembering or tracking passwords.
Poor password security practices, including weak and reused passwords, are an invitation to hackers looking for an easy way in. According to Verizon, the use of stolen or brute-forced credentials is the cause of more than 80% of hacking-related breaches. And if we’re reusing passwords, hackers only need to breach one of our accounts to gain access to all of our data. One high-profile breach of an online service provider yields millions of compromised passwords.
Growing risks in a connected world
The uptick in remote workforces means a greater need to protect our passwords, and by extension, our data.
With more and more of us working from home, companies have needed to quickly implement brand-new tech and adopt workflow apps that we’re not totally familiar with. These times call for us to be innovative and ahead of the curve, especially when it comes to data security. Yet 80% of organizations are pursuing digital innovation faster than they can improve their security practices to defend against cyberattacks.
Cyberattacks in business
According to Allianz, cyberattacks have climbed to the top of business risks globally. These risks will continue to grow with the rapid shift to remote work environments for a number of reasons:
- Remote solutions: Companies rely on remote access solutions, like requiring employees to connect to remote networks via VPN.
- Phishing scams: Away from the office, employees may be more susceptible to phishing scams and social engineering.
- Personal devices: On top of everything, a remote workforce means employees might be using unsecured personal devices at home.
Passwords: The weakest link
In 2004, Bill Gates said at an RSA conference that “over time, people are going to rely less and less on passwords.” But that prediction didn’t exactly hold up. In fact, the number of passwords is expected to grow to up to 300 billion this year. That’s up from 90 billion passwords in 2017.
Passwords are the path of least resistance for cybercriminals. Why should they try to force their way into your IT environment when they can simply log in? And many security solutions are only designed to detect intrusions; once attackers are inside, it takes an average of 280 days to identify and contain a data breach.
It’s clear that passwords aren’t just a way to get from points A to B—they’re the gateway to sensitive company data. It’s good to be aware of the potential holes in your company’s security practices as a variety of internal or external factors could end up exposing your corporate passwords. Here are three of the most common causes behind compromised information:
1. Passwords get stored in and shared over unsecure platforms. Weak credential storage and sharing, such as sharing and storing passwords via Slack or email, is one of the main reasons companies experience cyberattacks. Other common forms of password storage include plain text, unsecure Excel spreadsheets, and cloud databases. These practices, though risky, are still common for many organizations when it comes to password storage.
2. Companies have malicious or careless insiders. The frequency of insider-related incidents has tripled since 2016—and credential theft is the costliest type of insider threat (per incident).
3. Hacking is consistently on the rise. Malware, unsecure connections, and brute-force attacks—where an attacker may use software to automatically submit tens of thousands of passwords or passphrases with the hope of eventually “guessing” correctly—are just a few of the tools in bad actors’ arsenals for stealing passwords. Among malware varieties, “password dumpers”—used to steal credentials—were in the top spot in 2019, involved in about 40% of confirmed breaches.
The good news is that there are simple ways to mitigate the risks that have arisen with a remote workforce.
Nip these risks in the bud
The best way to protect your corporate accounts and sensitive data is by implementing a password manager. It may not sound like a comprehensive solution, but it does much more than securely store passwords.
In addition to protecting your organization’s data, password managers empower employees to be part of the solution rather than part of the problem. They also ensure that employees don’t leave the company with corporate passwords and accounts.
Not to mention, a password manager takes the stress out of password creation. When employees use a password manager like Dashlane, they only need to create and remember one Master Password, and Dashlane offers tools to ensure that it’s a secure one. Dashlane also allows users to keep work and personal accounts separate, which means employee and company data are safe and secure.
Learn even more about how you can keep your sensitive business data safe with a password manager in our latest e-book.