Verizon report uncovers alarming truth about employee passwords

When it comes to creating a password policy, we have to balance security with productivity. But too often security rules seem at odds with productivity and employees find workarounds that put you at risk, or they ignore security rules altogether.

A recent report from Verizon’s Research found that businesses are too often on the losing end of this battle.

An astounding 81% of data breaches happen because of poor employee password management. 70% of employees use their work passwords at home as well, often on low-security websites. These are prime targets by thieves. With them, they can open Pandora’s Box and access to your systems.

Given this alarming truth about employee adherence to your rules about not using their work password anywhere else, we must have alternate ways to secure our business and customer data.

Cedric Brown, an IT professional with Charlotte’s IT services team at William Ives Consulting offers some password cybersecurity solutions you can implement quickly to do just that.

1. Add Two-Step Verification

You’ve likely noticed that many high-security websites have moved to two-step verification. We now know that a single password is not a safe way to secure an account because of human nature.

Simply set up a second way to verify identity like:

• Answering a unique question
• Entering an auto-generated emailed code or daily department code
• Alternate passwords like touch, tap pattern, eye scan, etc.

2. Force Password Changes

Set up a system that forces employees to reset their passwords periodically. Using automated technology, alert employees when passwords are about to expire. And then don’t allow employees to log in with an old password after a certain date.

3. Force the Creation of Unique Passwords

If 59% of employees use the same password everywhere, they need a system that forces them to get creative. For some time now, password creation tools have required a special character, upper and lower case, a number and no more than two consecutive numbers. So at this point, most employees have a password that meets those criteria, and they’re still using it everywhere. You’ll need to keep raising the bar to prevent data breaches.

4. Teach Employees How to Create Strong Passwords They Can Remember

This isn’t automatic. And if you don’t, they will write them down or make them too simple. There are many password creation strategies to generate memorable strong passwords.

For example,

1. Find an 8-word phrase from a movie or book you know
2. Speak it aloud, giving at least one word some emphasis, not the first letter
3. Take the first letter from each word to create a string of seemingly unrelated letters
4. Put a capital letter where the emphasis word is
5. Replace at least 2-3 lowercase with a number or symbol that looks like that letter (e.g, $=s, 3=e, @=a, 9=g, 7= l, #=h)

This is nearly impossible for someone else to crack but can be recalled instantly by the person who created it.

5. Inform Employees About Phishing Scams

Cybercriminals have learned how to convince employees to give up their passwords or otherwise compromise the system. Learn about these scams and provide at least annual training on how to spot them.

With strategies like these and the right password cybersecurity technologies in place to back you up, you can protect yourself. To learn more about business technology and cybersecurity, contact your IT services team in Charlotte at William Ives Consulting..