A growing number of cyber-attacks are being attributed to insider human error, or the accidental release of sensitive information by employees through various means. Having a bad password that can easily be hacked is one of these means. Creating a password that is both memorable and secure can be a daunting task. With the amount of applications and websites the average person uses, most people choose to create a password that is easy to remember instead of one that secures our information from hackers. This mistake happens so frequently that each year, Splash Data, a security solutions provider, releases the top 25 worst passwords of the year deemed so because they are weak and easy to guess. If you see one of your current passwords on this list, it is time to change it to one that is less common. Your bad password could end up being the cause of a cyber-attack for your company.

According to the Ponemon Institute, businesses within the United States experience an average of 79 cyber attacks a week. These attacks usually focus on obtaining a company’s financial records or employee/customer records while committing financial fraud. Cyber-attacks can be financially draining and can compromise the reputation of the company, no matter what type of records are being compromised. In addition, the attack may cause disruption of services or business as usual, contributing to the financial losses a business can experience.

If a hacker can easily guess a password within your company, your information is at risk. Think of the information that could be exposed if accessed by the wrong person. Although these records can be hacked using a number of methods, creating one that is difficult to guess is a safety precaution that is imperative when protecting both your personal information and important company information. Taking steps to educate and train employees on proper password etiquette can help your company lower the chance of falling victim to a cyber-attack.

Cybersecurity is a growing concern among individuals and businesses, and securing your individual accounts such as email accounts, corporate websites, and online bank accounts, is the first step in defending against hackers. Along with easy-to-guess passwords, other characteristics that make passwords bad include using short, and easy words such as “password” and “football” with no special characters or numbers to accompany them. Consecutive number combinations are commonly used, which make them well-known by hackers. Creating passwords that include letters and numbers that are associated with you or your family are also considered common and easy to hack. This could include birthdays, pet names, names of family members, or location names.

Most of the above examples can be found in the list of the top 10 worst passwords of 2015:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball

Your company’s information can be accessed through a number of outlets, including employee accounts. Educating everyone who has access to important company documents and information on proper password etiquette will help ensure you are taking the proper steps to secure your information. According to Webroot, there are a few tricks employees should keep in mind when creating a password that will not be easy to guess but will be easy to remember. Use a phrase instead of a word, incorporating shortcut codes or acronyms. These phrases can be about the site that the password is for or something meaningful to you. An example of this would be 4Score&7yrsAgo. Passwords can also be customized to fit a certain format but be tailored for the specific site. For example, on a site like Facebook, you could use Pwrd4Acct-Fb.

Luckily, due to the large amount of cyber-attacks that have been occurring in the past few years, cybersecurity has taken an important role within organizations. This has also driven websites that hold secure information to create qualifications for passwords, such as including upper and lowercase letters, numbers, special characters, and also having minimum character lengths. These parameters ensure that employees are required to have passwords that are difficult to guess.

According to the 2014 Verizon Data Breach Investigations Report, two out of three data breaches focus on credentials at some point in the attack. Your employees are your first line of defense against these types of attacks, and education is crucial to ensure the safety of your company’s information. To learn how to prepare for, respond to, and recover from a data breach, download Preparis’ free checklist. For more information on our cybersecurity solution, visit our website. 

Implementation Specialist