How Your Password Sins Can Put Your Company at Risk

Admit it: at some point in your personal life or professional career, you’ve probably re-used a password, didn’t use any special characters, or were completely uncreative when it came to keeping your accounts safe from hackers and cybercriminals.

Well, here’s your chance to right your wrongs and fix your old password habits. Today is World Password Day, that one day a year when the corners of the internet come together to improve password habits.

Don’t choose a password because it’s easy to remember

More often than not, individuals pick passwords because they’re easy to remember, not because it’s the safest and most secure combination of letters, numbers and special characters. Despite the fact that most people know strong passwords are a basic first step in cybersecurity, many still gravitate to common words or number sequences.

A recent study showed that the most popular password, making up nearly 17% of the 10 million passwords the company analyzed, was “123456.” Yes, that’s right – that many people were still using this to protect their accounts. By this day in age, you would think this password would have been put to rest, but it looks like many still can’t break bad habits despite increased public knowledge on the importance of password security.

The full list of top ten most common passwords includes:

1. 123456
2. 123456789
3. qwerty
4. 12345678
5. 111111
6. 1234567890
7. 1234567
8. password
9. 123123
10. 987654321

While creating a strong password is a good first step to improving security, there are other behaviors employees can fix, too. Password sins are committed every day, often without the individual even realizing it. If you have employees who are stuck in some bad habits, it may be worth implementing an on-going cybersecurity training program.

The worst password management culprits: employees  

In today’s corporate world, users can leave their companies vulnerable when they poorly manage their passwords and devices. We’ve all encountered these folks in our day-to-day work lives, but you probably never realized what a security threat they really are. You might even find that you’re guilty of some of these indiscretions.

1. The BYOD user: It’s increasingly common for companies to accommodate people who want to bring and use their own mobile device for work related purposes. However, if employees aren’t willing to meet IT security policies, it can spiral into hacked accounts or leaked information all from one infected app download.
2. The road warrior: It’s a lot easier to not follow security best practices when working remotely. That said, if there’s no one there to make sure you’re not scrolling Facebook or surfing the web, you’re more likely to click on an infected link that could infiltrate the company’s network and allow access to accounts.
3. The secret shopper: We’ve all seen at least one co-worker browsing for new jeans on their lunch break. However, if they’re using the same password to shop at Nordstrom’s and to login to their email, they could be leaving the company open to incredible risk.
4. The old-schooler: Remembering passwords can undoubtedly be difficult, but the last thing you should do is display it on a post-it note for everyone to see. You never know who may be passing by your desk, so those who have trouble remembering their passwords should consider using a password manager instead.
5. The reboot refuser: This employee never shuts down their computer and never logs out of their accounts. This could lead to huge security vulnerabilities, especially if their device is stolen or misplaced.

If you see these culprits in your work place, it may be best to drop some subtle hints that their practices aren’t kosher. If you don’t, your company may have a serious security incident to deal with in the near future.

Even when companies take the right precautions, employee mismanagement can always lead to hacking-related data breaches. However, vulnerability management can offer a safety net, enabling organizations to properly protect their data and IT assets without the cost of software or hardware, or hiring additional in-house experts.

Visit Proficio’s website to learn more about next-generation cybersecurity and vulnerability management services.