Even the Fortune 500 companies don’t use strong passwords, according to the latest research. For example, the top password in the retail and e-commerce industry is “password”. It’s the same in energy, technology, finance and others. Other popular options included “123456”, “Hello123”, “Sunshine” and other uncomplicated phrases.
The researchers also analyzed data on outsider password access affecting Fortune 500 companies. In total, the analyzed data included 15,603,438 violations and was divided into 17 different industries. The researchers also looked at the top 10 passwords in each industry, the percentile of unique passwords, and the number of data breaches that occurred in each individual industry.
Weak passwords are one of the main causes of data breaches in companies
Weak passwords are a threat to all users, but business owners and their employees need to take extra care when it comes to cybersecurity. For example, in February, a serious computer glitch occurred at a water treatment plant in Florida. The company was using an unsupported version of Windows with no firewall and all employees were using the same TeamViewer password. In December 2020, SolarWinds experienced a major data breach, reportedly as a result of protecting one of its servers with the password “solarwinds123”.
“Companies and their employees are obliged to protect their customers’ data. An employee’s weak password can potentially put the entire organization at risk if an attacker uses the compromised password to gain access to sensitive information,” said Chad Hammond, security researcher at NordPass.
Costs related to data breaches
According to the IBM report, the average global cost of a data breach is $3.86 million. However, a data breach in the healthcare industry costs a lot more – $7.13 million. Comparing countries, a data breach in US companies is the most expensive at $8.64 million. According to Statista, the costs are made up of the following: lost business due to the loss of customer trust, the costs of detecting, managing the escalation and notification of the breach, and adding to this the necessary post-event activities such as monitoring credit reports.
In addition, GDPR fines are imposed in European Union countries, up to a maximum of €20 million or 4% of annual global turnover, whichever is greater.
How can companies improve their password hygiene?
Create complex and unique passwords, update them regularly and store them in a password manager.
Using a password manager across the organization is the best choice to ensure the security of your business accounts. A password management solution provides a secure way to store, share, and manage all of your passwords in a single place.
Use multi-factor authentication or single sign-on.
Organizations should use multi-factor authentication as an additional layer of security whenever possible. Another good idea is to use single sign-on and password sync. With single sign-on, employees are less likely to be careless with passwords, such as using common passwords or writing them down.
Inform your employees about password hygiene and possible risks.
It is important that employees avoid mixing their work and personal accounts. This not only ensures that their personal identity is protected, but also that all information relating to the employer is protected in the event of a data breach.
Breaches that affect consumers can not only affect personal accounts, but potentially put the business at risk. Data breaches of this type can create a domino effect affecting multiple organizations as credentials are reused across personal and work accounts.