4 Password Habits That Put Your Organization at Risk
Weak passwords are often the weakest link in an organization's security chain and can leave you vulnerable to data breaches. Ensuring that employees use strong passwords is a simple yet effective way to strengthen your organization's security posture and protect sensitive information. Password managers make it easy to establish best practices and help your employees take control of their cybersecurity—and the more informed and involved your people are, the better your overall security will be.
How passwords can be an organizational risk
With the proliferation of digital tools, employees are accessing a growing number of accounts, and each of those logins is a potential path to your sensitive data and systems. This risk is even greater with the rise in remote work because your employees are accessing their accounts from various locations, including on unsecured devices and Wi-Fi networks.
Hacking into an employee account or using stolen credentials to gain access to a network yields a much higher success rate for an attacker than trying to circumvent security tools such as a firewall. Consequently, exposed and weak passwords are among the most common weaknesses cybercriminals exploit.
Compromised and weak passwords expose your business to several risks, such as:
- Data breaches
- Account takeovers
- Ransomware attacks
- Financial fraud
- Identity fraud
Threat actors use compromised insider credentials at various stages of an attack to carry out actions such as:
- Gaining an initial foothold into your network or systems
- Escalating privileges and elevating access to critical accounts
- Deploying malware and ransomware
- Installing a backdoor into your systems
Recommended best practices for password management
As mentioned earlier, your employees’ poor password habits can put your entire organization at risk. Share these best practices to help them improve their password security.
Don’t reuse passwords: 63% of employees admit to recycling their passwords for multiple accounts, and if one of those accounts is hacked, the credentials are likely to end up on the dark web. Attackers then launch credential-stuffing attacks, using automated tools to try those logins against other accounts.
Don’t share passwords through unsecured channels: Many organizations share passwords through channels like Slack and email when onboarding new employees or sharing accounts. Since those channels aren’t encrypted, that data can be intercepted by a third party.
Don’t store passwords in a browser: Most people stay logged in to their browser profile, which means others using the device could easily access their passwords. Additionally, passwords stored in the browser aren’t typically encrypted and can be accessed remotely with the help of malware. The passwords are also at risk if the employee’s device is lost or stolen.
Avoid weak or easy-to-guess passwords: In credential-stuffing attacks, hackers often try to crack accounts by using large lists of common passwords—anything from the all-time favorites, “password” and “123456,” to pop culture words. If employee passwords are on that list, your organization might be at risk.
It’s not always easy for employees to create and remember strong, unique passwords, so your best bet is to give them tools so they don’t have to. With a convenient and customizable Password Generator and a vault that encrypts passwords and other data with top-of-the-line security, Dashlane is the user-friendly solution that employees love and organizations can trust.