This week, a staggering 16 billion passwords were leaked. This isn’t just a number; it’s a wake-up call for businesses everywhere. If your team is still using weak or reused passwords, your company could be the next target for a cyberattack. Dave explains what needs to be done immediately to reduce this risk.
Key Takeaways
- Train your staff on cybersecurity best practices.
- Implement multi-factor authentication (MFA) everywhere.
- Encourage the use of password managers.
- Move towards passkeys as a replacement for traditional passwords.
- Use long, memorable passphrases instead of short, simple passwords.
The Scale of the Problem
Sixteen billion passwords sounds like a lot, but the real problem is not the size of the leak itself; it is what the leak exposes about how people choose passwords: most people reuse the same passwords across multiple accounts. This habit creates a massive security risk for organisations. If a hacker gains access to just one account, they can potentially steal or encrypt all your sensitive data, causing significant damage to your business.
What You Need To Do Right Now
There are several practical steps you can take to protect your organisation:
- Cyber Awareness Training: This is the most cost-effective and easiest way to start. Training your team to recognise and stop threats is your first line of defence. We can help provide this training, so get in touch if you need assistance.
- Utilise ‘Have I Been Pwned’: This website allows individuals to check if their email addresses have been compromised in data breaches. By typing in their email, people can see what information (like names, addresses, or dates of birth) might be available about them on the dark web. This awareness helps people understand why password reuse is so dangerous.
- Embrace Passkeys: Passkeys are the future and are designed to replace passwords. While not fully adopted everywhere yet, you can enable them on platforms like Microsoft 365 and social media accounts. Passkeys are linked to your device, making them much harder to hack than traditional passwords.
- Implement Multi-Factor Authentication (MFA): While MFA is helpful, it’s not foolproof and can sometimes be bypassed. However, it’s still a vital layer of security. All web-based systems must require MFA. It’s a minimum requirement for many cybersecurity standards, including Cyber Essentials.
- Provide Password Managers: For teams managing numerous accounts, a password manager is essential. We recommend Keeper, which not only helps manage work passwords but also provides a personal license for 12 months, allowing employees to use it for both work and personal accounts.
- Use Long, Memorable Passphrases: The longer your password, the better. Instead of simple words and symbols, try creating passphrases using four memorable words combined with numbers and symbols, for example the "battery horse staple" method of chaining unrelated words. Many passwords today are easily cracked in seconds because they are too short and predictable.
Understanding Password Vulnerability
It’s shocking how quickly some passwords can be cracked. Without MFA, even an eight- or nine-character password offers minimal protection. It might stop someone from casually accessing an account, but it won’t stop a determined attacker. Long, complex passphrases are significantly more secure. The goal is to make it as difficult as possible for attackers to guess or brute-force your credentials.
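To put numbers on the passphrase advice above, here is an added example (not code from the original post) that estimates password strength in bits of entropy, converts it to a brute-force time at an assumed guess rate, and generates a four-word passphrase with a cryptographically secure random source. The guess rate and the small word list are assumptions for illustration.

```python
"""Estimate password strength in bits and brute-force time (added example)."""
import math
import secrets

# Constructed mini word list for the demo. A real passphrase should draw from
# a large list (thousands of words) so that each word adds roughly 12-13 bits.
SAMPLE_WORDS = ["battery", "horse", "staple", "correct", "river", "lamp",
                "cloud", "pencil", "orbit", "garden", "velvet", "anchor",
                "ember", "quartz", "meadow", "pixel"]


def random_password_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password drawn uniformly at random from an alphabet.
    Human-chosen passwords are far weaker than this upper bound, which is
    why short real-world passwords fall in seconds rather than days."""
    return length * math.log2(alphabet_size)


def passphrase_bits(word_count: int, list_size: int, suffix_choices: int = 1) -> float:
    """Entropy of word_count words chosen uniformly from list_size words,
    plus an optional digits/symbol suffix drawn from suffix_choices options."""
    return word_count * math.log2(list_size) + math.log2(suffix_choices)


def crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to search half the keyspace at the given guess rate."""
    return (2 ** bits) / 2 / guesses_per_second


def generate_passphrase(word_list, word_count: int = 4, separator: str = "-") -> str:
    """Build a passphrase with the secrets module (CSPRNG, not random.choice),
    appending a two-digit number and a symbol as the post suggests."""
    words = [secrets.choice(word_list) for _ in range(word_count)]
    suffix = f"{secrets.randbelow(100):02d}{secrets.choice('!@#$%')}"
    return separator.join(words) + separator + suffix


if __name__ == "__main__":
    RATE = 1e10  # assumed offline guesses/second against a fast hash (illustration)
    cases = [
        ("8 random chars from 94 printable", random_password_bits(8, 94)),
        ("4 words from a 7,776-word list", passphrase_bits(4, 7776)),
        ("4 words + 2 digits + 1 of 5 symbols", passphrase_bits(4, 7776, 100 * 5)),
    ]
    for label, bits in cases:
        days = crack_seconds(bits, RATE) / 86400
        print(f"{label}: {bits:.1f} bits, about {days:.1f} days at {RATE:.0e}/s")
    print("Example passphrase:", generate_passphrase(SAMPLE_WORDS))
```

Note that four words from a 7,776-word list match an eight-character fully random password in strength while being far easier to remember, and adding the numeric/symbol suffix pushes the passphrase well beyond it.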
By focusing on training, implementing MFA, and encouraging the use of passkeys and password managers, you can significantly reduce the risk of a serious data breach and protect your organisation’s valuable data.