Half of all cybercrime incidents in the UK were due to hackers exploiting vulnerabilities like unpatched programs or weak passwords. If a password is compromised, it can have a devastating impact on a business. This article examines how improving password security can help guard against cyber-attacks and data breaches.
Why Is Password Security Important?
We use passwords to access highly sensitive information on the internet every day. They’re our first line of defence against hackers and cybercriminals.
Password security is essential for these reasons:
- Weak passwords are one of the most common causes of data breaches. Most people are lax about password security. According to a recent IT industry security survey, almost half of all internet users surveyed use the same password for multiple accounts. Other IT security experts estimate that up to 30% of users have had a data breach due to a weak password.
- Cybercrime and data breaches cost businesses significant amounts of money. For a small business, the average cost of a data breach was £4,200, according to recent figures from cybercrime analysts. For medium to large companies, being the victim of cybercrime has an average cost of £19,400.
- The majority of data breaches are caused by user error. Clicking on fake links or falling prey to ‘phishing’ scams allows hackers access to your data. If you have weak passwords or use the same password repeatedly, it is much easier for a hacker to steal your information.
- It’s the law. If you run a business, the Data Protection Act 2018 UK says you have a legal duty to protect the personal information of your staff and customers. If you breach the GDPR, you could face a fine of either four per cent of your business’s annual turnover or £18 million, whichever is greater. Since the Act came into force, the Information Commissioner’s Office (ICO) has issued €45,350,000 in fines.
How to Create Secure Passwords
Many people use passwords that are simple to remember. Although this makes them easier to use, it also makes them easier for criminals to crack. An eight-character password categorised as ‘weak’ can be cracked using readily available ‘brute force’ hacking software in seconds. Creating secure passwords is one of the best ways to avoid data breaches and keep your information safe.
A weak password is usually a short, familiar word or a set of numbers. Examples of weak passwords include:
- The names of family members or pets
- Last names with birthdates (such as ‘surname1982’)
- Obvious words or sets of numbers (such as ‘admin’, ‘password’, or ‘password123’)
- Anything that’s predictable or could be easily guessed
Generally, the longer a password is, the stronger it is. You should aim for a password between 14 and 16 characters long. Include a mixture of numbers, letters, and random symbols in your passwords.
The best practice is always to ensure that your passwords are random and cannot be associated with you.
One way to create a strong password is to choose a random mixture of words, numbers and symbols. Another good technique to create a strong password is to think of a phrase you’ll remember. Then turn it into an acronym, capitalise some letters, and add numbers and symbols.
If you took the phrase ‘Spring is when the bright flowers come out’, you could turn it into a password like ‘siwtBFco8721#!’. These passwords would take a cybercriminal more than 20 million years to crack, even with the most powerful computers and software.
If you really can’t be bothered coming up with passwords yourself, there are password-generating tools that will create strong passwords for you.
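The guidance above can be turned into a small checker and generator. This is an added example, not part of the original article: the function names, the symbol set, the deny-list beyond ‘admin’ and ‘password’, and the year pattern are all assumptions made for illustration.

```python
import re
import secrets
import string

SYMBOLS = "!#$%&*+-=?@^_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Constructed deny-list; the first two entries are the article's own examples.
COMMON_WORDS = ("admin", "password", "qwerty", "letmein", "welcome")
YEAR = re.compile(r"(19|20)\d\d")  # birth-year-like runs such as 1982

CLASSES = {
    "lowercase letter": str.islower,
    "uppercase letter": str.isupper,
    "digit": str.isdigit,
    "symbol": lambda c: not c.isalnum(),
}


def weaknesses(password, personal_words=()):
    """Return the reasons a password falls short of the article's guidance."""
    problems = []
    lowered = password.lower()
    if len(password) < 14:
        problems.append("shorter than 14 characters")
    for name, test in CLASSES.items():
        if not any(test(c) for c in password):
            problems.append(f"no {name}")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common word")
    if any(w and w.lower() in lowered for w in personal_words):
        problems.append("contains a personal detail")
    if YEAR.search(password):
        problems.append("contains a year-like number")
    return problems


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until every check passes."""
    if length < 14:
        raise ValueError("use at least 14 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("password123", "surname1982", "siwtBFco8721#!"):
        print(sample, "->", weaknesses(sample) or "passes")
    print("generated:", generate_password())
```

The generator uses Python’s `secrets` module rather than `random`, because `random` is not designed for security-sensitive values.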
Some examples of strong passwords are:
How to Protect Your Passwords
Maintaining optimum password security means taking measures to protect your passwords actively. There’s no point in having a secure password if you leave it where someone can see it!
Follow these rules to make sure you always keep your passwords protected.
Use Unique Passwords and Multi-Factor Authentication
It’s advisable to always use a different password for each separate account. If your password is compromised, only one of your accounts will be impacted. If possible, use accounts that have multi-factor authentication. These accounts send a confirmation text or email or require an app to confirm a login.
Never Share Your Passwords
Never share your passwords with anyone or write them down. Be vigilant about who can see you as you use your computer; don’t type in a password while someone looks over your shoulder.
Be Aware of Your Online Behaviour
Be careful of your online behaviour. Scammers and hackers often send emails with links to fake websites to try and steal your information. Never download files from websites that aren’t official. Don’t click on links that you’re not sure of. Beware of anything that seems even slightly suspicious. Never access sensitive sites while you are using a public Wi-Fi connection. Always keep your software updated and have a good antivirus program on your computer.
Use a Password Manager
One of the significant challenges with password security is trying to remember complicated passwords. It’s good practice not to store your passwords in your browser. Although this is convenient and easy, it’s also a significant security risk.
If you leave your computer unattended or a hacker accesses your computer, then all of your accounts will be compromised. Use a dedicated password manager instead. A password manager is a program that stores all your passwords and is password-protected.
Where to Learn More About Password Security
Approximately 39% of UK businesses reported being cyber-attack victims in 2022. Maintaining good password security will help you avoid cyberattacks and protect your data and the data of your staff and customers. Unfortunately, many people don’t know how to stay safe online and prevent data breaches.
Every business owner should have a good understanding of their responsibilities under the GDPR. Enrolling in our GDPR & Data Security Fundamentals Training Course will teach you and your staff cybersecurity best practices. You can learn effective techniques to safeguard sensitive information and ensure your business complies with the law.