Recent Wave of Cyberattacks Proves No Industry Immune
Ok, who had meat plant, steamboat, and the NYC subway on their Hacks of 2021 bingo card? Anyone?
It's tempting to think that cyberattacks are primarily aimed at the federal government and social media platforms overflowing with user data, and plenty are. But the last six months—and even the last six days—have proven that when it comes to hacking, industry immunity is a myth, and no government agency is too obscure.
In turn, this means that no investment your business makes in cybersecurity is wasted, whether you're selling bumper stickers or running one of the largest gas pipelines in the U.S. According to reporting from Bloomberg, the recent hack of the Colonial Pipeline was due to a single compromised password, underscoring the overwhelming precarity of virtually any enterprise or organization.
Frustratingly, especially for small- and medium-sized businesses without a chief information security officer or a dedicated IT department, securing your perimeters and shrinking attack surfaces are not quite as simple as buying a piece of software or announcing a new security policy at the next company meeting.
Because for all the 1s and 0s and technical jargon, cybersecurity is a deeply human problem.
Solving the human security problem
When we say that cybersecurity is a human problem, we're looking at the issue from a few different angles. The first is simply the sheer number of cyberattacks directly related to weak or reused employee passwords—a shocking 80%, according to the 2020 Verizon Data Breach Investigations Report.
But identifying people as your largest vulnerability is only step one, because this particular vulnerability comes with some unique challenges; namely, it's really opinionated, has digital habits that are hard to break, and doesn't like it when the IT department tells it what to do. (You can read more about common human-centric pitfalls in implementing security practices.)
“As humans, we generally know what the right thing is to do, but sometimes we can’t bring ourselves to do it because we’re looking for shortcuts,” Dashlane CEO JD Sherman recently told Raconteur for their Future of Work report. “We know we should have complex passwords and change them often, for instance, but it’s a headache so we tend not to do it. A human behavior problem is harder to address with technology and it is amplified as people are working from home with lots of online tools, and when work and home blend together.”
So what to do, especially if you don't have a dedicated security team?
Protect your business with a password manager
One of the simplest first steps in protecting any business (and your personal data) is getting a password manager. Yet only 25% of respondents to a recent Dashlane survey said they use an automated password management solution to keep track of their work account passwords. Dashlane’s password manager not only helps you enforce the recommended password practices but also gives you the tools to understand—and improve—your organization’s password health over time.
Password managers help employees create strong, secure passwords that can be synced across multiple devices.
Password managers can:
- Significantly improve an organization’s cybersecurity by identifying and eliminating weak and reused passwords. IT gains greater visibility into all apps and services in use, including those directly installed by business functions without the knowledge of IT, a practice known as shadow IT.
- Enable employees to securely manage their own personal passwords.
- Make it so employees need to remember only one password—their master password—which enables access to their other accounts. Password managers also ensure that this master password is strong and remains secure.
- Simplify tasks like generating new passwords and updating old passwords.
- Allow co-workers to securely share passwords within the password manager app, while lessening the likelihood of a data breach that might happen if a password is stored in a spreadsheet or shared over unsecured social platforms, like Slack.
- Separate personal and business credentials to help make sure that employees don’t leak or leave with sensitive business information and intellectual property.
How to get started
Intrigued, but unsure where to start? Download our free e-book, A Business Guide to Data Breaches and Hacks, to learn how to build a solid security foundation that you can build upon as your business grows and evolves.