How Strong Are Your Passwords?
We are only human, right? We make mistakes, and making mistakes helps us learn and grow. When it comes to cyber security, however, our human mistakes are often overlooked.
According to a study by IBM, human error is the main cause of 95% of all cyber security breaches.
“In a security context, human error means unintentional actions - or lack of action - by employees and users that cause, spread or allow a security breach to take place.”
This covers a wide range of actions, for example downloading a malware-infected attachment or failing to use a strong enough password.
Human nature means many people prefer convenience over security. Having a single, easy-to-remember password is easier, right? You only need to remember one thing, and you can use it everywhere. If you are forced to change your password periodically, you just change the number or date tagged on the end, or add an "!". Sound familiar? The trouble is that attackers know this too: password-cracking tools apply exactly these variations (capitalise the first letter, append a year, append "!") to every word in a leaked password list.
This is the list of the top ten most popular passwords found in data that was breached in 2020.
According to Nordpass.com, all of these can be cracked in under a second, apart from “picture1”, which would take about 3 hours, and “senha”, which would take about 10 seconds. Those estimates assume an attacker is guessing offline against a stolen hash; the bigger problem is that these passwords are already on the dark web, so an attacker does not need to crack them at all, only to try them.
When a data breach occurs, the exposed data will sooner or later turn up on the dark web, either for sale or freely available, like the 533 million personal records of Facebook users that were leaked very recently. Various organisations then take copies of the breached databases and extract the email addresses and passwords.
The best known of these is the Have I Been Pwned website (haveibeenpwned.com). It lets you check whether your email address has been caught up in any data breaches; if it has, you are told which websites or organisations the data came from, so you can change the password for those accounts and for everywhere else you reused the same password. The site also offers a Pwned Passwords service for checking a password itself, and it does this without ever receiving the password: your device sends only the first five characters of the password's SHA-1 hash and compares the rest locally. We would recommend giving both a try!
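To show how a check against the Pwned Passwords service works without handing over the password, here is an added example (written for this post, not Have I Been Pwned's own code). The real range endpoint is https://api.pwnedpasswords.com/range/<first five hex characters of the SHA-1>, which answers with one "<remaining 35 characters>:<count>" line per matching hash. To run offline, the example uses a constructed stand-in for that server holding five well-known weak passwords with made-up counts; a live lookup function is included for anyone who wants to swap it in.

```python
import hashlib
import urllib.request
from typing import Callable, Dict


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form Pwned Passwords uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for the server's database: a handful of well-known weak
# passwords with made-up breach counts. The real service holds hundreds of
# millions of hashes; only the shape of the protocol matters here.
_CONSTRUCTED_DB: Dict[str, int] = {
    sha1_hex(pw): count
    for pw, count in {
        "123456": 23_000_000,
        "password": 3_700_000,
        "picture1": 11_000,
        "senha": 8_000,
        "qwerty": 3_900_000,
    }.items()
}


def constructed_range_lookup(prefix: str) -> str:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    Returns the same text format as the real endpoint: one line per matching
    hash, '<35-char suffix>:<count>'. The server only ever sees the 5-character
    prefix, so it cannot tell which of the matching passwords was asked about.
    """
    lines = [
        f"{h[5:]}:{count}"
        for h, count in _CONSTRUCTED_DB.items()
        if h.startswith(prefix)
    ]
    return "\r\n".join(lines)


def hibp_range_lookup(prefix: str) -> str:
    """Live lookup against the real Pwned Passwords range API (needs network)."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"User-Agent": "password-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(
    password: str,
    range_lookup: Callable[[str], str] = constructed_range_lookup,
) -> int:
    """How many times the password appears in the corpus (0 = not seen).

    Only the first five hex characters of the hash leave the client; the
    comparison of the remaining 35 characters happens locally.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        line = line.strip()
        if not line:
            continue
        found_suffix, _, count = line.partition(":")
        if found_suffix == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for candidate in ["password", "picture1", "correct-horse-battery-staple!"]:
        n = breach_count(candidate)
        verdict = f"seen {n:,} times, do not use" if n else "not in the sample corpus"
        print(f"{candidate!r}: {verdict}")
```

Pass hibp_range_lookup as the range_lookup argument to query the real service; with the constructed stand-in, "not in the sample corpus" only means the password is not one of the five embedded entries.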
Password security steps for the workplace:
If you do not have an internal IT department, consider outsourcing to a reputable supplier; the following steps should be undertaken by your IT support provider.
Introduce a password policy that sets out what is and is not an acceptable password.
Tighten the password checking rules on all systems so that the stronger passwords are actually enforced, including rejecting passwords that appear in known breach lists.
Promote passphrases of three or four unrelated words joined by punctuation: they are long and memorable, and far harder to guess than a single word with a number on the end.
Introduce a company-approved password manager. It generates a strong, unique password for every account and every user, and each user only has to remember the one master password that unlocks it. The stored data is encrypted, which adds another layer of protection, so the master password is the one that must be strong and protected with multi-factor authentication.
Use multi-factor authentication. This requires two or more of: something you know (your password), something you have (such as your smartphone or a hardware token) and something you are (your fingerprint, voice or even your iris). A password exposed in a breach is then not enough on its own for a threat actor to get into the account.
Educate your staff. While passwords like 1234 or password are still being used, we have a responsibility to shout about the basics of password security.
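The policy, enforcement and passphrase steps above can be turned into a small checker. The following is an added example written for this post (not code from any particular product or provider) and makes two assumptions: a constructed breach list standing in for a real corpus such as the Pwned Passwords download, and a constructed word list standing in for a proper passphrase dictionary of several thousand words. It also catches the "just change the number on the end" habit by stripping trailing digits and punctuation and undoing common letter substitutions before comparing against the breach list.

```python
import re
import secrets
from dataclasses import dataclass, field
from typing import List, Set

# Constructed sample breach list (a real policy checks against millions of
# entries, e.g. the downloadable Pwned Passwords hash set).
BREACHED: Set[str] = {"123456", "password", "picture1", "senha", "qwerty", "iloveyou"}

# Constructed word list; a real deployment should use a few thousand words.
WORDS: List[str] = [
    "anchor", "cactus", "lantern", "velvet", "marble", "orbit",
    "tundra", "pepper", "saddle", "quartz", "fjord", "walnut",
]

MIN_LENGTH = 12

# Common "leet" substitutions undone before the breach-list comparison.
_LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "3": "e", "1": "i"})
_TRAILING_TWEAKS = re.compile(r"[\d!@#$%^&*.,?_-]+$")


@dataclass
class PolicyResult:
    ok: bool
    reasons: List[str] = field(default_factory=list)


def normalise(password: str) -> str:
    """Reduce a password to its 'base word' for breach comparison.

    Lower-cases, strips trailing digits/punctuation (the '2021!' that gets
    bumped at each rotation) and then undoes leet substitutions, so that
    'Password2021!' and 'P@ssw0rd' both become 'password'.
    """
    base = _TRAILING_TWEAKS.sub("", password.lower())
    return base.translate(_LEET)


def check_password(password: str, breached: Set[str] = BREACHED) -> PolicyResult:
    """Apply the policy; every failing rule is reported, not just the first."""
    reasons: List[str] = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(set(password)) <= 2:
        reasons.append("uses two or fewer distinct characters")
    if password.lower() in breached:
        reasons.append("appears in breach list")
    elif normalise(password) in breached:
        reasons.append("trivial variant of a breached password")
    return PolicyResult(ok=not reasons, reasons=reasons)


def generate_passphrase(n_words: int = 4, sep: str = "-", words: List[str] = WORDS) -> str:
    """Three or four unrelated words joined by punctuation, drawn with the
    CSPRNG-backed `secrets` module rather than `random`."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    for candidate in ["Password1!", "Password2021!", "P@ssw0rd", "aaaaaaaaaaaa",
                      "correct-horse-battery-staple", generate_passphrase()]:
        result = check_password(candidate)
        status = "OK" if result.ok else "REJECTED: " + "; ".join(result.reasons)
        print(f"{candidate!r}: {status}")
```

The normalisation step is deliberately aggressive: it is only used to decide whether a candidate is a dressed-up version of a known-bad password, never as the stored form. With the twelve-word sample list a generated passphrase has very little entropy; the point of the function is the use of secrets.choice and the word-plus-separator shape, and the word list is what a real deployment must replace.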