Cybersecurity essentials: Improving password management
Cybersecurity · May 13, 2024
We recently published the first blog of this series on the importance of employee training to identify and protect against cyber threats. In this blog, we dive deeper into password management and how it plays an integral role in protecting against cyberattacks.
A 2022 Better Business Bureau report found that the top-used password by Canadian employees included “123456”. We know that it’s easy to fall into known password patterns where we use the same pin or personal codes for everything makes it easy to remember. However, all of those options could make your data, business and your employees more vulnerable to cyber dangers.
One of the most common threats derived from weak password management is known as a ‘brute force attack’, which is a trial-and-error method that uses automated software to generate many consecutive guesses to gather online users’ information such as a username, password and personal details. These attacks are typically performed by using a script or botnet to ‘guess’ the desired information until something is confirmed. While we may think that a password will keep our online information safe, if not managed properly, it can be as risky as not having a password at all.
Brute force attacks are very common and have affected many well-known companies worldwide, including:
An international ecommerce marketplace: In mid-2022, Chinese e-commerce giant Alibaba suffered a major data breach that contained both customer data and data from the Shanghai police force.
Social media for professionals and businesses: In 2021, data associated with 700 million LinkedIn users was posted for sale in a ‘Dark Web’ forum affecting 92% of LinkedIn’s total user base.
Famous social media: The company’s massive data breach in April 2021 was one of its largest made public to date, leaking names, phone numbers, account names and passwords of over 530 million people.
Don’t let these household names fool you into thinking that this type of attack only happens to larger companies. With the latest developments in artificial intelligence, hackers may be able to crack more complex passwords in mere seconds, no matter the size of the company. A Verizon report from 2022* shows that small businesses are more susceptible to cyber threats, such as brute force attacks, making it crucial to adopt security measures including strong password policies and multi-factor authentication to help minimize risks. The consequences of a brute force attack can be catastrophic, leading to results such as:
Unauthorized access to emails, social media accounts, and financial information that detractors could use for manipulation, data theft, the spread of malware and other malicious activities.
Theft of financial information of individuals or organizations that criminals may use to steal funds from financial accounts and cryptocurrency wallets or even make unauthorized purchases from malicious websites.
Identity theft, where attackers can access personal information like names, emails, addresses, social security numbers and credit card data to commit a number of crimes such as fraud, blackmail, cyberstalking and much more. This could result in legal repercussions to the affected parties.
Attackers can use a hacked email account to send spam emails and malware attachments to spread the attacks throughout the organization systems to steal data, view other account credentials or find valuable information.
Attackers can steal or modify valuable intellectual property like trade secrets, proprietary information or research data to gain a competitive advantage.
It could potentially affect the organization’s brand and reputation, especially if personal information is leaked. When customers, and partners lose trust in an organization, it may result in loss of revenue and broken partnerships. Businesses may face legal and regulatory penalties for failing to protect user data or maintain compliance with data protection regulations.
It can also cause system downtime, interrupt operations and compromise essential services, leading to the loss of productivity, not to mention how costly it can get to recover from the incident.
Employees need to help protect the business from these threats and there are a few critical practices they can implement right away:
The use of a strong password that is at least 8 characters long and includes a mix of letters, numbers and special characters
Never reusing the same password for multiple accounts
Enabling multi-factor authentication as an extra layer of security and having a password management application to securely store and organize your passwords making it easier to access them when needed
By following these password management best practices, employees can help reduce the risk of cyberattacks. Remember, a strong password is your business's first line of defense against threats, but they are just one important cybersecurity measure. Businesses should have a multi-layered approach to security to protect against data loss with tools, proactive monitoring and secure backups.
TELUS Business can help you protect your business from cyber threats and implement important measures to prevent phishing attacks and more. Request a callback to learn more about how your company can benefit from our managed IT services.
*Information found on page 75.
