Is your network at risk due to the way you and your employees use passwords? It could be – and anti-virus or firewall programs won’t protect you from harm if someone with bad intentions gets access to your network. The passwords you choose, the way you share them and even your well-meaning employees could be putting your business at risk.
If you do not have a password policy or haven’t looked at how your business sets, uses and shares passwords in a long time, it is time to review how your team is accessing your network. Check for the following common password errors and you’ll get a good idea of just how safe your network really is.
Your Team May be Putting your Network at Risk
Employees who exploit the businesses they work for to make a profit or purposely put their employer at risk make headlines, but true malicious insiders are thankfully a minority. Most businesses face a far greater risk from loyal and trustworthy employees who simply choose poor passwords, fall prey to phishing scams or inadvertently expose passwords to others.
How Secure are your Passwords?
If you allow your employees to choose their own passwords then you may not be as secure as you’d like. Left to their own devices, most people pick passwords that are simple to remember – and appallingly bad. According to Gizmodo, some of the most awful passwords are also the most commonly used; the list of the most popular passwords of 2015 may be startlingly familiar:
- football (or the name of the most popular team in your city)
If you are using one of these passwords, you’re exposing your network to risk, to the delight of cybercriminals and ransomware specialists everywhere. Would someone be able to enter your network simply by trying one of the above terms? If so, your network is simply not as secure as it could be.
Overly Simple Passwords
You don’t have to use one of the popular passwords above to be in trouble; if your password is your business name plus the year or any variation of your business name, it’s time to make a change. Easy passwords are convenient for you, but they’re wonderful for anyone wishing to exploit or harm your business, too.
Even a well-crafted password isn’t going to be able to protect your network if you reuse it often. If you have not changed your passwords in more than a year, it is time to make a switch. Former employees, vendors and others who’ve accessed your network in the past will still be able to get in if you don’t update your password regularly or if you reuse it.
Reusing passwords invites those who have had access in the past to revisit your network, whether you like it or not. Updating your passwords on a regular basis ensures that only the people you wish to allow in have access to your network.
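The checks described above (commonly used passwords, business-name-plus-year variations, reuse, and passwords older than a year) can be enforced when a password is set. The following Python is an added example, not part of the original article; the business name "Acme Corp", the blocklist entries other than "football", and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

# Constructed sample blocklist; "football" is from the article, the rest are
# illustrative. A real deployment would load a far larger list.
COMMON_PASSWORDS = {"football", "password", "123456", "qwerty"}
LEET = str.maketrans("013457@$!", "oieastasi")
MAX_AGE = timedelta(days=365)  # the article's "more than a year"
ITERATIONS = 200_000           # illustrative PBKDF2 work factor


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted hash used for the reuse history (never store plaintext)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def core_word(password: str) -> str:
    """Drop leading/trailing digits and symbols, then undo common
    character substitutions, e.g. 'Acm3Corp2016!' -> 'acmecorp'."""
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password.lower())
    return stripped.translate(LEET)


def check_new_password(candidate, business_name, history):
    """Return the list of reasons to reject `candidate` (empty = accept).
    `history` is a list of (salt, digest) pairs for earlier passwords."""
    reasons = []
    core = core_word(candidate)
    if candidate.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        reasons.append("common password")
    words = re.findall(r"[a-z]+", business_name.lower())
    name_forms = {f for f in ["".join(words), *words] if len(f) >= 4}
    if any(form in core for form in name_forms):
        reasons.append("based on business name")
    if any(hmac.compare_digest(hash_password(candidate, salt), digest)
           for salt, digest in history):
        reasons.append("reused password")
    return reasons


def is_overdue(last_changed: date, today: date) -> bool:
    """True when the password is more than a year old."""
    return today - last_changed > MAX_AGE
```

The history holds only salted hashes, so the reuse check never requires old passwords to be stored in readable form.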
Even if you choose a secure, non-common password it won’t be able to protect you if your employees share it freely. Since more complex passwords can be more difficult to remember, many businesses opt for convenience over security, posting passwords in clearly visible areas. It is not unusual to see computer monitors with a sticky note or other piece of paper affixed that reveals the terminal’s password. By displaying these passwords in a prominent place, the employee can easily access the workstation, and so can anyone else with access to the physical space.
Check your reception areas, work stations and other semi-public spaces for displayed log-in credentials to instantly cut your risk. Other common areas to check for written passwords include the underside of the keyboard, on the desk blotter and in the top drawer of a desk. If you have a password written in one of these areas, your network is at an increased risk.
Phishing Attempts, Email Scams and Spoofed Sites
Your passwords could be exposed deliberately by a scammer if you or an employee falls for a phishing scam or a sophisticated email scam. These scams are often used to deliver malware or ransomware, and cybercriminals can use a variety of methods to get unauthorized access to your network:
Email Scams and Phishing: The victim receives an email that claims to be from a recognized business—PayPal, Facebook or even a popular bank. The email pretends that the victim’s account access is in jeopardy unless they click a link to verify their identity. Once clicked, the victim is taken to an authentic-looking site and asked to enter their log-in credentials. From there, the hackers exploit the information in several ways, including identity theft, data theft and more.
Fake Apps: Cybercriminals create an app that looks like it came from a legitimate business, but really leads to a fake login page. Once you log in, the hackers use your real credentials to exploit your accounts.
Ransomware: Delivered in a variety of ways, ransomware can cause your business to come to a total halt. In Conway, South Carolina, a school district had to pay thousands in Bitcoin after an employee inadvertently fell for a ransomware scam. The district was locked out of their own networks without any way to access their own data until they paid up.
Employee Training and Education
Your employees mean well, but unless they understand the importance of passwords and the best way to store them, they could be putting your business at risk. Adding information about network security as part of your onboarding process and during employee education seminars can help reduce your risk of a breach.
Mobile Device Use
Employees that use their own devices or that use company devices on private time could expose you to risk if they lose their phone, tablet or laptop. If employees are staying logged in or storing passwords for convenience, it may be time to address mobile use. If you allow employees to BYOD (Bring Your Own Device) you could have more risk than you expect, since a device could fall into the wrong hands. A written device policy that clearly outlines the best practices you’ve chosen can help cut your risk when mobile devices are used.
Managed Services Mitigate Risk
While learning about passwords and risks can help, the fastest and easiest way to secure your network is to opt for a managed services provider. Having an expert manage your system can prevent data theft, unauthorized access and a host of other problems associated with passwords and hacking. In addition to protecting your network, outsourced IT service providers make sure your networks are always up to date and backed up, further reducing your exposure and ensuring that your business can’t be derailed by a hacker or employee error.
Checking your passwords, choosing strong passwords and educating employees about the risks of ransomware and phishing is a good start, but for comprehensive protection, a professional can help.
Contact us to learn how easy it is to get the skilled help you need and to ensure your business is protected, 24/7.