Earlier this summer, dozens of parliamentarians’ email accounts were targeted by an alleged state-sponsored cyber attack. Officials were forced to lock the affected users out of their own accounts to avoid potential blackmail attempts. The accounts targeted had something in common: they had weak passwords that did not meet Parliamentary Digital Service guidelines.
This example, however, is only one of many. Verizon’s “2017 Data Breach Investigations Report” attributed 81 per cent of hacking-related breaches to stolen and/or weak passwords.
It’s critical to have a clearly defined password policy to hold employees accountable and protect your business. Consider including the following guidelines in your password policy:
- Avoid writing down passwords or storing them in a way that leaves them open to discovery by your colleagues, customers or any other persons.
- Never divulge your passwords to any of your colleagues unless they’re authorised to know your passwords.
- Always avoid using the same password for multiple accounts. Duplicate passwords dramatically increase the likelihood of additional accounts being compromised in the event of a breach.
- If you struggle to maintain lots of passwords, try out a password manager. This type of software is a useful tool that helps securely store all of your login details in one place, under one password.