Why should your business care about passwords?
Weak or stolen passwords account for the majority of data breaches. As such, basic password protection is becoming increasingly ineffective.
And if you think that your organisation doesn't have anything to interest cybercriminals, think again. Small and medium-sized businesses (SMBs) are the sweet spot for cybercriminals - with more valuable data and assets than consumers and smaller security budgets than larger enterprises.
This problem is amplified by the growing number of businesses that are incorporating “smart” devices into their IT infrastructure. These devices are referred to as the Internet of Things (IoT) and can be anything from smart phones and lamps to appliances such as washing machines. While IoT helps businesses operate faster and more smoothly, these devices are often vulnerable and run with publicly available default admin usernames and passwords, posing a risk that can lead to harmful consequences.
In addition, the new EU General Data Protection Regulation (GDPR) states that organizations of all sizes are to ensure the security of their data by implementing “appropriate technical and organizational measures”. So, if a breach occurs and only simple, static passwords are in place, the business can face a large fine.
Worldwide, privacy laws and regulations are being tightened. The recently enacted National Data Breach (NDB) reporting requirements of the Australian Privacy Act, and various US states’ privacy regulations with strict data breach reporting requirements, are upping the standards for anyone holding data on residents of those jurisdictions.
How do attackers steal passwords?
- Simple, real-world techniques include shoulder surfing, where attackers observe potential victims when they type their passwords.
- Attackers also manipulate the “human weakness” of their victims via social engineering. A professionally-crafted online form or an email (phishing attack) apparently from a trustworthy sender can persuade even well-trained users to reveal their passwords.
- Cybercriminals with a foothold in an organisation’s network can use malware to search for documents containing passwords or log password keystrokes and send this information to their C&C server. Black hats can also extract encrypted password files and crack them offline.
- More demanding attack techniques include intercepting the network traffic of employee devices when they are working remotely or in a public place.
- One of the most popular ways to break password protection is brute force. Automated scripts try millions of password combinations over a short period of time until the correct one is found. This is why passwords have had to become longer over the years - the more complex the password is, the more time cybercriminals need to guess it.
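The length argument in the last point, worked through as an added example (not part of the original page): it estimates how long an exhaustive search of a password's keyspace takes and derives the minimum length a policy would need. The guessing rate, the 100-year target and the small deny-list are assumptions constructed for illustration.

```python
import math
import string

ASSUMED_RATE = 1e10  # assumed offline guesses per second (constructed figure)
TARGET = 100 * 365 * 24 * 3600  # assumed goal: 100 years of exhaustive search
# Constructed sample; real deny-lists hold many thousands of entries.
COMMON = {"password", "123456", "qwerty", "letmein", "admin"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def worst_case_seconds(length, pool, rate=ASSUMED_RATE):
    """Time to try every string of `length` characters drawn from `pool` symbols."""
    return pool ** length / rate


def min_length(pool, target=TARGET, rate=ASSUMED_RATE):
    """Shortest length whose full keyspace takes at least `target` seconds."""
    return math.ceil(math.log(target * rate) / math.log(pool))


def assess(password, target=TARGET, rate=ASSUMED_RATE):
    """Return (accepted, reason). Keyspace is an upper bound on attacker effort:
    it only holds for randomly chosen passwords, hence the deny-list check."""
    if password.lower() in COMMON:
        return False, "on the common-password list"
    pool = alphabet_size(password)
    if pool == 0:
        return False, "empty or uses no recognised character class"
    need = min_length(pool, target, rate)
    if len(password) < need:
        return False, f"too short: need {need}+ characters"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("Password", "abcdefgh", "Tr0ub4d!", "correcthorsebatterystaple"):
        print(f"{pw!r:30} {assess(pw)}")
```

Under these assumptions an eight-character lowercase password is exhausted in about 21 seconds, while each added character multiplies the search time by the size of the character pool.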
What is a password manager?
As we accumulate more and more accounts, it can be hard to keep track of each login. A password manager is a piece of software that creates and stores unique passwords for all of your accounts. This means you only need to remember a single, ultra-secure master password.
How does it work?
As ESET Security Specialist Jake Moore explains, password managers are designed to do the heavy lifting of creating, storing and protecting your most important accounts.
“With a password manager, every single login can have a complex, unique password and you don’t have to remember it. What’s more, you don’t actually need to make a new password every time – the manager will do it for you.” 1
The software can do more than just keep your passwords safe. The best password managers can also store your business’s bank details and credit card information, keeping any information you choose safely out of reach of cybercriminals.
How to build a good password policy
To ensure your organisation has an effective password policy, it’s advisable to follow specific procedures:
- Employees need to be trained on how to create a strong password.
- IT departments should implement rules when setting and enforcing a company password policy.
- All organisations are advised to implement additional protective measures, such as two-factor authentication, to increase password security throughout the entire organisation.
ESET’s authentication system protects your business accounts
ESET Secure Authentication
An easy and secure way to protect your sensitive data. Keep track of your login details, group accounts together and mark your favourites for easy access. It automatically fills in the needed information when logging into a web portal, entering a credit card or creating a new account.
How else can ESET protect my business?
ESET offers unbeatable online security and protection through our robust cybersecurity products. Our security solutions safeguard your devices against new and emerging threats with real time detection and response technology.
ESET’s next-gen multi-layered security ensures your business data is protected whether you are using Windows, macOS or even mobile devices. We use cutting-edge AI to stop digital attacks in their tracks, keeping your devices secure. Choose one of our comprehensive security solutions today to unlock complete protection against ransomware, malware, phishing attacks and more.