7 password mistakes putting IT companies at risk

Passwords are like underwear. You shouldn’t leave them out where people can see them, you should change them regularly, and you shouldn’t loan them to strangers.

IT companies can be a huge target for hackers. Don’t make their job easier. Do some cyber-security awareness training for your employees so they can learn how to protect both the company and themselves.

User training is especially important when it comes to passwords. Unfortunately, users tend to make a lot of mistakes with their passwords and hackers know this. You might be surprised at the mistakes commonly made, and you might even be making some of these mistakes yourself. A little training can go a long way, so here we have a guide on seven common password mistakes that are putting IT companies at risk.

1. Using The Same Password For More Than One Login

This is one of the most common password blunders, and hackers love it. It makes their job much easier. Picture this scenario. Your employee receives a phishing email that appears to come from their bank and doesn’t realize it. They give their banking login information to the hacker. A smart hacker recognizes that many people make the mistake of using the same password everywhere, so they start using those login details in as many places as possible, including your company website. Now, a hacker has made their way in. This is a serious threat, and the best solution is to stress this threat to every one of your employees.

2. Using Passwords That Only Vary By One Character

Now that your employees know not to use the same password, they might try to use similar passwords. For example, if their password was “530eastoakstreet” they might change it to “531eastoakstreet”. Unfortunately, password-guessing programs are advanced and can sniff this out.

Another way employees tend to do this is by adding a special character, such as “!”, at the end of the password. Password-guessing software can easily figure this out too, so it won’t do anything for your cybersecurity. Special characters make passwords more secure when they are used inside the password, not at the beginning or end.

3. Using Any Personal Information In Passwords

It is very important to stress to your employees that using any kind of personal information as a password poses a huge threat. Their own names should never be used, along with the names of their relatives, favorite celebrities, pets, friends, and so on. Even something as simple as a college mascot shouldn’t be used, as it’s relatively easy to find out this kind of information.

Stress to your employees that adding a random string of characters to a password built on personal information won’t help either. Password-guessing software knows this is a common tactic and it will keep guessing different combinations until it gets it right. Safe passwords are passwords with a random set of characters.

4. Changing Out Letters For Numbers

Back in the day, “[email protected]$t0n” would have been a more secure password than “Charleston”. However, password-guessing software is much more advanced these days, and it can still figure out passwords with numbers and symbols switched out for letters.

5. Using A Short Password

If it were 2007, a simple five- or six-character password would have been long enough to be secure. However, computers are very fast now and a brute-force attack would crack a password that short in no time. These days, your employees should all use passwords that are at least twelve characters, if not even longer.
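Mistakes 2, 4 and 5 can be caught automatically when an employee changes a password. The sketch below is an added example, not code from this article's authors: it assumes the change form asks for the current password, so old and new can be compared in memory without storing either in plain text. The function names and the substitution table are hypothetical, and the sample passwords other than the article's own are constructed.

```python
import re

MIN_LENGTH = 12  # the article's recommended minimum

# Common symbol-for-letter swaps (constructed table, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def canonical(pw):
    """Reduce a password to the form a guessing tool would try first:
    lower-case, digits/symbols at either end dropped, swaps undone."""
    lowered = pw.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered) or lowered
    return core.translate(LEET)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_new_password(old, new):
    """Return the reasons to reject `new`; an empty list means it passes."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if new == old:
        problems.append("reused")
    elif edit_distance(canonical(old), canonical(new)) <= 1:
        problems.append("variant of previous")
    return problems

if __name__ == "__main__":
    samples = [("530eastoakstreet", "531eastoakstreet"),  # from the article
               ("Charleston", "Charleston!"),             # trailing "!"
               ("Charleston", "Ch4rl3$t0n"),              # constructed swap
               ("530eastoakstreet", "vQ7#kLp2&xT9mZ4w")]  # constructed random
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {check_new_password(old, new) or 'ok'}")
```

A check like this only compares against the previous password; it does not replace screening new passwords against lists of known-breached ones.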

6. Storing Passwords In Unsafe Places On Your Computer

Your employees know not to use the same password everywhere, and they know not to use simple, easy-to-guess passwords. To keep track of all these different passwords, they might make a document on their computer with all their passwords or email them to themselves. This is a huge mistake that hackers go crazy for. If any malware makes its way onto the computer storing this information, hackers will go through the entire hard drive until they find what they’re looking for. Believe us, a determined hacker will find it.

7. Never Changing Passwords

Employees should change their passwords every so often, ideally every three months. If a data breach goes undetected and a hacker waits a while to use the information, the employee could still potentially protect themselves and the company. It might be tedious to change every password that often, but like they say, it’s better safe than sorry.

All this password business seems confusing, but it doesn’t have to be. With a little cyber-security awareness training, all of your employees can ensure that their passwords aren’t putting themselves or the company at risk. We know all of this can be a bit to take in, so if you need any assistance and you’re near Charleston, SC, please contact us today!
