Boosting password security

How secure is your business? Do you check visitors in and out of the office, perhaps restrict access to certain confidential files, or work on a need-to-know basis? Or perhaps you operate a more free and open style, trusting your people to know what should and shouldn’t be shared and to act in the best interests of the organisation.

Whatever your approach, there may be one area which is leaving your company information open to the world: your passwords. According to Verizon’s 2019 Data Breach Investigations Report, 80% of data breaches are caused by weak and compromised passwords, and little has changed since. It seems that, despite the danger, the temptation to use easy-to-remember passwords overcomes any concern about data breaches.

A more recent survey by NordPass revealed that the top passwords used by CEOs, executives, business owners and managers have changed little over time. There are a few variants on a theme, but overwhelmingly ‘123456’, ‘password’ and ‘qwerty’ seem to be the passwords of choice. Those of a more adventurous nature may look towards animals and mythical creatures, with ‘dragon’ and ‘monkey’ coming top of that list, whilst others may simply opt for the inclusion of family or pet names.

If that is the tone being set at the top of organisations, it is hardly surprising that others lower down the ranks fail to take password security as seriously as they might. That’s one reason why World Password Day, which takes place towards the beginning of May each year, gives prominence to the promotion of strong passwords which are less likely to be hacked.

So what is a strong password? You might think that randomness equals strength. And it does, to an extent. However, make the password too random and it becomes so hard to remember that it will be written down, which is not something you want for password security. As an alternative, in 2016 the UK’s National Cyber Centre recommended using a combination of three random words such as ‘coffeetrainfish’. These are hard for hackers to guess and yet are far easier for individuals to remember.

When you are looking at password management, don’t forget your phone system. If individual phones, or the system itself, are still using the default passwords they came with on installation, then they are open to hacking. And once your phone system is vulnerable, not only can phishing attackers gain access to an apparently secure line, but fraudsters may also be able to use your system to run up expensive calls to premium numbers. Add in the potential for hackers to access caller details and it is easy to see how data breaches can cost businesses their livelihoods and reputation.

Apart from ensuring that default ‘1111’ or similar pass codes are not being used, another option is to ensure that unused extensions are not left available. Callagenix’s Extension Control App and ACD Login Service enable supervisors to switch extensions on and off as required; perhaps something to consider if offices are to be left empty over the extended Jubilee Bank Holiday weekend.
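The two phone-system checks described above (default or trivial pass codes, and unused extensions left switched on) can be run over an export of extension records. The following is an added example, not code from Callagenix or any phone vendor; the record fields (`ext`, `pin`, `enabled`, `idle_days`), the 90-day idle threshold and the sample data are assumptions made for illustration.

```python
# Passwords the article names as the most commonly used.
COMMON = {"123456", "password", "qwerty", "dragon", "monkey"}

def weak_reason(ext, secret):
    """Return why a pass code is weak, or None if no rule matches."""
    s = secret.lower()
    if s in COMMON:
        return "common password"
    if s == ext:
        return "same as extension number"
    if s.isdigit():
        if len(set(s)) == 1:                      # 1111, 0000, ...
            return "repeated digit"
        # Digit-to-digit steps modulo 10: all +1 (1234) or all -1 (4321).
        steps = {(int(b) - int(a)) % 10 for a, b in zip(s, s[1:])}
        if steps in ({1}, {9}):
            return "sequential digits"
    return None

def audit(records, max_idle_days=90):
    """Return (extension, finding) pairs for extensions that are switched on."""
    findings = []
    for r in records:
        if not r["enabled"]:
            continue  # skip extensions that are already switched off
        reason = weak_reason(r["ext"], r["pin"])
        if reason:
            findings.append((r["ext"], reason))
        if r["idle_days"] > max_idle_days:        # assumed threshold
            findings.append((r["ext"], "enabled but unused"))
    return findings

# Constructed sample export; not real data.
SAMPLE = [
    {"ext": "201", "pin": "1111",   "enabled": True,  "idle_days": 2},
    {"ext": "202", "pin": "202",    "enabled": True,  "idle_days": 5},
    {"ext": "203", "pin": "4321",   "enabled": True,  "idle_days": 400},
    {"ext": "204", "pin": "1111",   "enabled": False, "idle_days": 400},
    {"ext": "205", "pin": "839205", "enabled": True,  "idle_days": 1},
    {"ext": "206", "pin": "Monkey", "enabled": True,  "idle_days": 1},
]

if __name__ == "__main__":
    for ext, finding in audit(SAMPLE):
        print(f"extension {ext}: {finding}")
```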