The “2020 Data Breach Investigations Report” by Verizon has some pretty alarming news when it comes to credential theft. User passwords have become the most popular target of hackers.
This follows the trend of where data has moved over the years. As more companies have adopted cloud platforms, their data has moved away from on-premises servers and into cloud-based applications.
Those applications, which run from data centers owned by companies like Google and Microsoft, tend to be well protected against forced attacks through networks. Thus, to gain access to company data, hackers need a legitimate user login credential to get in.
The Verizon report illustrates the need for password security to be at the top of any company’s network security strategy. Several of the takeaways are:
- 77% of all cloud data breaches involve credential theft
- The #1 form of malware used in data breaches is a password dumper
- The #1 type of information sought in phishing attacks is user login credentials
Unfortunately, password security has a long way to go in many businesses. For example, 42% of surveyed companies rely on sticky notes as a form of password management.
Bad password habits range from reusing passwords across multiple accounts to creating passwords that anyone could guess (e.g. password123).
Password security has become more important than ever due to credential theft being on the rise and the reliance companies have on cloud accounts.
Tips for Strong Password Security to Protect Your Cloud Accounts
Login credentials can be obtained in a number of ways:
- Hacking weak passwords with an automated password cracking program
- Phishing attacks that get users to input credentials into a fake form
- Data breach of a vendor you use that reveals your login credentials
- Purchasing lists of login credentials from the Dark Web
Because there are so many different ways that hackers can gain access to your password, it’s important to use a multi-layered approach to password security that incorporates several safeguards.
Use Multi-Factor Authentication (MFA) on All Accounts
In today’s cybersecurity climate, there is really no good reason not to use MFA to secure your cloud accounts and important website logins, such as online banking.
According to Microsoft, adding a second factor of authentication with MFA can stop 99.9% of fraudulent account hacks.
With MFA enabled, when you go to log in, you’ll be sent a code to a pre-registered device. You must then enter the code within approximately 5-10 minutes to complete the login.
This is one of the most effective methods of password security you can use. If you have multiple cloud accounts, you can look at using a single sign-on (SSO) app that can facilitate just one MFA-protected login for all accounts.
Require Strong & Unique Passwords for Accounts
Employees have to remember multiple passwords in their daily workflow, which leads to those bad password habits like reusing passwords and using weak passwords that are easy to hack.
It’s important to require unique and strong passwords be used for all business logins and to do this through employee awareness training, documented password policies, and in-app settings that allow you to reject weak passwords.
It’s also important to strictly define what a “strong” password means. Here is an example:
- Has at least 10 characters
- Has at least one upper-case letter
- Has at least one lower-case letter
- Has at least one number
- Has at least one symbol/special character
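As an added illustration (not code from the original article), the following Python sketch enforces the example policy above and also shows why composition rules alone are not enough: a password such as Password123! meets all five requirements yet is still built on a word anyone could guess. The function names, the substitution table and the small list of common words are assumptions constructed for this example.

```python
import re
import unicodedata

MIN_LENGTH = 10  # from the article's example policy

# The five composition rules from the article's definition of "strong".
RULES = [
    ("at least 10 characters", lambda p: len(p) >= MIN_LENGTH),
    ("at least one upper-case letter", lambda p: any(c.isupper() for c in p)),
    ("at least one lower-case letter", lambda p: any(c.islower() for c in p)),
    ("at least one number", lambda p: any(c.isdigit() for c in p)),
    ("at least one symbol/special character",
     lambda p: any(not c.isalnum() and not c.isspace() for c in p)),
]

# Constructed sample denylist (assumption); a real deployment would load a
# much larger list of common and previously breached passwords.
COMMON_BASES = {"password", "welcome", "qwerty", "letmein", "admin"}

# Simple character substitutions people use to "strengthen" a common word.
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def guessable_base(password):
    """Return the common word the password reduces to, or None."""
    lowered = unicodedata.normalize("NFKC", password).lower()
    core = re.sub(r"[\W\d_]+$", "", lowered)  # drop trailing digits/symbols
    core = core.translate(SUBSTITUTIONS)      # undo simple substitutions
    return core if core in COMMON_BASES else None


def check_password(password):
    """Return the list of reasons to reject; an empty list means accepted."""
    failures = [name for name, ok in RULES if not ok(password)]
    base = guessable_base(password)
    if base:
        failures.append(f"built on common word '{base}'")
    return failures


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["password123", "Password123!", "P@ssw0rd2020!", "tR7#mVq2!xLp"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```
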
Implement a Business Password Manager
If you’re requiring that employees use strong passwords and unique passwords for all their logins, it’s going to be nearly impossible for them to remember them all.
You want to discourage having those passwords stored insecurely, such as in a plain text document on their hard drive or a sticky note. The solution is to use a business password manager.
Password management applications give employees a secure vault that can store all their passwords for them in an encrypted format. Employees only need to know a single strong and unique password to access all the others.
By using a business version of a password manager, you can keep from being locked out of any business applications, for example if the one employee who has the password for a particular website suddenly leaves the company.
If you’re using a business password manager, you can designate an administrator that can access all passwords employees use for your business accounts.
Password managers also give you a way to securely store other important data such as company credit cards used for online purchases and server FTP details.
Are Your Passwords as Secure as They Should Be?
If you’re unsure how secure your passwords and cloud accounts are, Rocky Knoll Technologies can help! We can put in place strong password security policies that will safeguard your accounts without slowing you down.
Contact us today to schedule a consultation. Call 704.594.7292 or reach us online.