If you use the same password for multiple systems – business email, your company’s cloud bookkeeping solution, online shopping, etc. – you’re not alone. Even Facebook founder Mark Zuckerberg used that practice. In 2016, his LinkedIn credentials were compromised in a major breach that also gave hackers access to his Twitter account, because the passwords were the same.
With just one user password, hackers can often break into multiple applications and systems, quickly putting your business at risk. That’s why it’s a good security practice to have a different, strong password for every account. Any potential breach is then isolated to that account, and the fallout is much smaller and easier to manage.
Add an Extra Layer of Protection for Sensitive Accounts
When it comes to sensitive accounts and systems, such as company servers, accounting software, line-of-business applications and your banking apps, it’s even more critical that your password be unique. Even the strongest security measures won’t protect you if someone can log in to your account with your own password.
Think about how much business is accomplished through email. Email accounts are another important area to safeguard with strong, unique passwords. From your email, a bad actor can send out phishing, ransomware or other malicious attacks to any or all of your contacts, and they’ll seem legitimate because they’ve come directly from you. For executives, or those with check-signing authority, this can create a financial risk. For lay persons, it can mean someone accesses your personal information by emailing human resources from your account. For human resources, it could mean compliance violations.
Your personal email isn’t off limits either. Personal email accounts are often used in the business realm for specific accounts. Your personal email address is also likely the user name for dozens of accounts or more, and a hacker could reset the passwords to those accounts, quickly and efficiently, before you become aware that your email has been accessed.
Be Unique and Strong
In addition to being unique, your passwords should be strong. At a minimum, that means you should use at least 10-12 characters; an even longer password will be more advantageous. Use phrases instead of a single word. Whatever you choose, avoid obvious choices like password, password123, p@ssw0rd and the like.
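The checks in this section and the one-password-per-account rule above, as an added example that is not part of the original article: a short Python audit of a credential inventory. The 12-character threshold (the upper end of the 10-12 range), the substitution table and the sample accounts are assumptions constructed for illustration.

```python
from collections import defaultdict

MIN_LENGTH = 12          # assumption: upper end of the article's 10-12 minimum
OBVIOUS = {"password"}   # base word behind password, password123, p@ssw0rd
# Assumed table of common character swaps, undone before comparison.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "i", "!": "i", "$": "s", "5": "s", "7": "t"})


def normalize(password):
    """Lowercase, drop trailing digits/punctuation, undo common swaps."""
    stripped = password.lower().rstrip("0123456789!?.#*")
    return stripped.translate(LEET)


def audit(credentials):
    """Return {account: [findings]} for an {account: password} inventory."""
    findings = defaultdict(list)
    by_password = defaultdict(list)
    for account, password in credentials.items():
        by_password[password].append(account)
        if len(password) < MIN_LENGTH:
            findings[account].append("too short")
        if normalize(password) in OBVIOUS:
            findings[account].append("obvious choice")
    # A password shared by several accounts means one breach exposes them all.
    for accounts in by_password.values():
        if len(accounts) > 1:
            for account in accounts:
                others = ", ".join(a for a in accounts if a != account)
                findings[account].append(f"reused on: {others}")
    return dict(findings)


# Constructed sample inventory; none of these are real credentials.
SAMPLE = {
    "business email": "p@ssw0rd",
    "cloud bookkeeping": "Tangerine-Harbor-Quilt-92",
    "online shopping": "Tangerine-Harbor-Quilt-92",
    "banking": "slow violet kettle hums at dawn",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(f"{account}: {'; '.join(problems)}")
```

Accounts with no findings, such as the long unique passphrase on the sample banking entry, do not appear in the result.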
Managing All Those Unique Passwords
Why aren’t companies using more unique passwords as a matter of practice? Usually it boils down to feeling that managing all of them is too cumbersome. Most of us have dozens, up to hundreds, of accounts in our professional and personal lives. Using different passwords for each one can be an overwhelming proposition. Remembering dozens of unique, complex passwords is difficult, if not impossible. And it only takes one member of your team using password123 to create a problem.
To help alleviate this issue, there are secure password-management tools that safely store passwords behind an encrypted, two-factor authenticated login. This gives your team an easy way to manage passwords and log into their different applications, without relying on memory or an insecure notebook or spreadsheet. Having the right tools supports your ability to execute best practices, and it’s now more important than ever.
Company Credentials Might Be on the Dark Web
One important note: If anyone in your company has their credentials compromised in a security breach, you might not know about it for months afterward. Once you find out, how easily can you protect the applications and systems that might have been exposed? When these breaches happen, credentials are often listed for sale on the Dark Web. It’s common for a company’s active credentials to be sold to criminals repeatedly, and for the company to then be breached without knowing about it.
Is your company managing passwords safely, or might you have company logins and passwords for sale on the Dark Web? You wouldn’t be the only business in the region to have compromised credentials. Contact Deerwood Technologies to find out. We’ll run a free Dark Web scan and give you recommendations to help manage more secure passwords.