How Poor Password Habits Are Hurting Mid-size Businesses
Password security is a vital component of defending your sensitive information (such as personal and confidential data) against unauthorized access. However, many mid-size businesses have poor password habits and poor methods of storing passwords that can put the entire organization at risk.
In this article, we will discuss the unique challenges mid-size businesses face in managing password security and show you the most effective strategies for enhancing your password security.
Typical Poor Password Practices
Many employees and businesses fall into poor password hygiene, oftentimes without realizing it. For instance, here are some common poor password habits that might sound familiar:
- Weak passwords: Character combinations are easy to guess, very short, or remain as system defaults.
- Password reuse: The same password is used for multiple accounts.
- Password sharing: A person knows someone else’s password.
- Infrequent password updates: Employees do not change their password after a set number of days.
The reason behind these examples of poor password choices tends to be lack of awareness, resistance to change, or fear of forgetting passwords, especially when employees need to manage multiple accounts. In many cases, employees also don’t receive adequate training on how to protect sensitive information.
The Risks of Ineffective Password Management
Poor password practices carry a large risk. For one, they can cause data breaches. This, in turn, can lead to identity theft and severe business disruption. Once an attacker gains access to an account, they can steal data, spread malware, and send phishing emails.
If you are wondering what a weak password policy entails, here are three examples of poor password choices you might have come across, too: “Password”, “123456”, or “qwerty”.
It’s important to keep in mind, though, that poor password security practices are often not as straightforward. For instance, in 2019, Australian online fashion retailer, Princess Polly, allowed hackers to access the personal information of 800,000 customers. The reason? Their database had kept the default system password.
The Financial Toll on Mid-Size Businesses
Poor password management involves several risks for mid-size businesses. For example, weak passwords and poor password practices can allow unauthorized individuals to gain access to sensitive information.
Another common tactic used by cybercriminals is phishing attacks (something employees are more vulnerable to if they are not trained on password security). Lastly, poor password management can also lead to malware and ransomware as cybercriminals can use weak passwords to gain access.
The Risks of Poor Password Management (And Their Consequences)
Unauthorized access, phishing attacks, and malware/ransomware can result in costs for your business, including:
- Direct costs: Incident response, legal fees, and customer compensation.
- Indirect costs: Lost business opportunities, reputational damage, and increased insurance premiums.
Legal Implications of Poor Password Management
Another risk of poor password controls concerns legal implications related to regulatory non-compliance. For example, many industries have standards related to password management, and failure to comply with them can result in fines and penalties.
Additionally, if someone accesses personal data due to employees’ poor password habits, you might have to pay for lawsuits and legal settlements.
Each year, cybercrime costs small and medium businesses more than $2.2 million. Unfortunately, even though 43% of cyber attacks target small businesses, almost half of them don’t have any security defense plans!
Effective Strategies for Enhancing Password Security
Luckily, there are many things you can do to improve password practices in your mid-size business. Let’s go through each of these security controls against poor password management in some more detail.
Implement Password Policies
All companies should have a password policy that outlines good practices for passwords. For example, you can create a set of guidelines that prompt employees to combine upper and lower case letters, symbols, and numbers and to change their passwords regularly. It’s also essential to make sure the policy is properly communicated and reinforced so that your employees are using passwords that resist guessing and cracking.
Sock Club (a custom sock manufacturer) implemented a password management policy that includes regular password changes and two-factor authentication, and it also uses a password manager to generate and store strong passwords for employees. This policy has helped improve security and reduce the risk of data breaches.
Invest In Employee Training
You should always educate team members on both the best password practices and the risks of poor password management. Include definitions for what is a strong password and weak password, and make sure your training also includes regular reminders about phishing scams, data breaches, and updates on the latest threats.
Some common password security training activities include hands-on experiences where employees can practice creating and managing strong passwords, phishing simulations to detect and report suspicious emails, and gamification to make training more engaging and fun.
A few years ago, Google launched a program called “Password Alert”, which included interactive games and quizzes to test employees’ knowledge of best password security practices.
Invest in a Password Manager
A dedicated business password manager can make storing and using credentials much easier. By using this technology, your employees won’t have to worry about remembering them, as they are stored in an encrypted database. Password managers provide a safe space while also supporting more complex password choices, so it’s a much better choice compared to other poor methods of storing passwords, like keeping paper notes or relying on easy-to-recall passwords that can also be guessed by others.
By automating your password use, you can make it easier for employees to follow best practices and eliminate password-related risks. For example, UNICEF (a global humanitarian organization) requires its users to use a password manager.
Support Multi-Factor Authentication
Two-factor authentication (or 2FA) adds an extra layer of security by requiring employees to use a second form of verification on top of their password. For example, the second factor is often a code sent by text message to the employee’s smartphone, or a biometric such as a fingerprint, retina, or face scan.
First Citizens Bank, a regional bank with over 500 branches, recently implemented a multifactor authentication solution to improve security for its online banking customers. By combining their login credentials with a soft token that can be generated on any device, they are now able to easily verify customer identity and prevent unauthorized access.
Conduct Regular Security Audits
Conducting regular security audits can also help your business identify vulnerabilities in your password management practices and find opportunities for improvement. It’s a good idea to conduct audits at least annually (or more frequently if there have been significant changes to your IT environment or threat landscape).
Microsoft conducts regular security audits that cover password complexity analysis and password management system assessments to discourage poor password hygiene. The company also has a tool that can automatically detect weak passwords.
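As an added example (not code from this article, nor from any company it names), the following Python sketch shows the two controls described above in working form: a set-time policy check for the rules in “Implement Password Policies” (length, character classes, no common or default passwords), and an audit pass that flags the default passwords, stale passwords, and reuse that the audit section describes. The blocklist, account records, hashing scheme, and dates are all constructed for illustration.

```python
import hashlib
import re
from datetime import date

# Constructed blocklist: the article's weak examples plus one typical vendor default.
BLOCKLIST = {"password", "123456", "qwerty", "admin"}
MIN_LENGTH = 12
MAX_AGE_DAYS = 90          # assumed rotation interval used by the audit
AUDIT_DATE = date(2024, 7, 1)  # constructed "today" so the example is reproducible

def check_policy(password: str) -> list[str]:
    """Return the policy rules a candidate password fails (empty list = compliant)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if password.lower() in BLOCKLIST:
        failures.append("common or default password")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        failures.append("needs at least three character classes")
    return failures

def digest(secret: str) -> str:
    # Unsalted SHA-256 is used ONLY to keep the example self-contained; a real
    # credential store must use a salted, slow hash such as bcrypt or Argon2.
    return hashlib.sha256(secret.encode()).hexdigest()

# Constructed account records, shaped like an export an audit tool might read.
ACCOUNTS = [
    {"user": "alice", "hash": digest("Tr0ub4dor&3xample!"), "changed": date(2024, 5, 1)},
    {"user": "bob",   "hash": digest("admin"),              "changed": date(2023, 1, 15)},
    {"user": "carol", "hash": digest("Tr0ub4dor&3xample!"), "changed": date(2024, 6, 1)},
]

def audit(accounts: list[dict], today: date) -> dict[str, list[str]]:
    """Flag accounts still on a blocklisted/default password, stale passwords, and reuse."""
    findings = {a["user"]: [] for a in accounts}
    default_hashes = {digest(p) for p in BLOCKLIST}
    first_seen: dict[str, str] = {}   # hash -> first user seen with it
    for a in accounts:
        if a["hash"] in default_hashes:
            findings[a["user"]].append("default or common password")
        if (today - a["changed"]).days > MAX_AGE_DAYS:
            findings[a["user"]].append("password older than policy allows")
        if a["hash"] in first_seen:
            findings[a["user"]].append(f"same password as {first_seen[a['hash']]}")
        else:
            first_seen[a["hash"]] = a["user"]
    return findings

def run_audit() -> dict[str, list[str]]:
    return audit(ACCOUNTS, AUDIT_DATE)
```

Reuse detection across accounts only works here because the sample hashes are unsalted; against a properly salted store, an auditor would instead test each stored hash against the blocklist with that account's own salt.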
Final Thoughts: Securing and Simplifying Password Management
Addressing poor password habits and poor password risk is a necessity for all mid-size businesses because, once a hacker gains access to an account, they can use it to cause significant damage to your company.
To prevent these risks, you should always use strong passwords that are difficult to guess and follow best practices for password security, such as regular changes and two-factor authentication. Uniqkey is a password manager that allows you to simplify password management and reduce cyber-risk.
Built with usability in mind, our platform makes it easy for employees to adopt strong password habits in a simple and effective way.
If you’re looking for a long-term solution for businesses and enterprises, contact us today. Uniqkey can help you reduce risks, save on costs, and increase your customers’ trust.