- Security TWENTY
- Women in Security
A new study conducted by Verizon Data Breach Investigations has found that 81% of all data breaches are caused by so-called ‘weak’ passwords being compromised. This means that many businesses are continuing to put their cyber security at risk by failing to protect their sensitive information online. Indeed, whilst they are most likely aware of the risks involved in using simple passwords, many companies may continue to use basic credentials out of convenience.
The above sentiment is arguably the strongest conclusion many will take from the report as a whole. After surveying over 1,800 businesses, it was found that almost 40% didn’t offer password training for their staff, and only 1 in 4 companies used sufficient multi-factor authentication procedures. Moreover, 61% didn’t have any rules of password complexity in place at their company, whilst over one-third of those surveys didn’t even deactivate former-employee accounts.
These findings will be somewhat troubling for many industries, many of whom have moved more data online alongside the rise in remoting working seen in 2020. But with cyber-attacks continuing to pose a threat to business security, many will see this report as a reminder of the importance of effective password management.
Weak passwords are typically short, common, or default terms such as “password”, an individual’s name, a predictable location, a popular phrase and so on. They are also characterised by how easily guessable they are, so more complex passwords that have sequences (E.g. 1234) or that used frequently can also be defined as weak. Consequently, these passwords can be compromised in a brute-force attack in which all possible terms are rapidly guessed by a hacker or software.
You can read our more extensive article on Passwords For Businesses Here but, in short, setting up complexity requirements (a minimum number of characters, compulsory upper- and lower-case letters etc.) and regular changes can help password strength considerably. In addition, it’s recommended that you aim to provide cyber security training for all new staff, deactivate old accounts, and make multi-factor authentication the norm at your company.
You can also find more information on how to Keep Your Small Business Secure Online Here.