Even the Fortune 500 don't use secure passwords, as revealed by NordPass's new research. For example, the top password in the retail and ecommerce industry is "password", the same as in the energy, technology, finance, and other industries. Among the other top passwords, the popular choices were "123456", "Hello123", "sunshine", and other uncomplicated phrases.
The researchers analyzed data from public third-party breaches that affected Fortune 500 companies. In total, the analyzed data included 15,603,438 breaches and was categorized into 17 different industries. The researchers looked into the top 10 passwords used in each industry, the percentage of unique passwords, and the number of data breaches affecting each industry.
The full list and information on the 17 industries can be found here: https://nordpass.com/fortune-500-password-study/
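To make the three metrics in the methodology concrete (top passwords per industry, share of unique passwords, and breach count per industry), here is an added example of how a defender could compute them over an in-house breach export. This is illustrative code written for this page, not NordPass's analysis tooling; the records, industry labels, and password values are constructed and do not come from the study.

```python
from collections import Counter

# Constructed sample of (industry, leaked password) records, standing in for
# a breach export. These are made-up rows, not data from the NordPass study.
SAMPLE_LEAK = [
    ("retail", "password"), ("retail", "123456"), ("retail", "password"),
    ("retail", "sunshine"), ("retail", "Hello123"), ("retail", "tr0ub4dor&3"),
    ("energy", "password"), ("energy", "password"), ("energy", "123456"),
    ("energy", "Hello123"), ("energy", "correct-horse-battery"),
]


def top_passwords(records, industry, n=10):
    """Most common passwords for one industry as (password, count) pairs,
    mirroring the study's per-industry top-10 list."""
    counts = Counter(pw for ind, pw in records if ind == industry)
    return counts.most_common(n)


def unique_ratio(records, industry):
    """Share of distinct passwords among an industry's records.
    1.0 means every record used a different password; values near 0
    mean most accounts share a handful of passwords (a reuse problem)."""
    pws = [pw for ind, pw in records if ind == industry]
    if not pws:
        return 0.0
    return len(set(pws)) / len(pws)


def breach_count(records, industry):
    """Number of breached records attributed to an industry."""
    return sum(1 for ind, _ in records if ind == industry)


def industry_report(records):
    """Summarise every industry present in the export as a dict keyed by
    industry name, so the result can be tabulated or fed to a dashboard."""
    industries = sorted({ind for ind, _ in records})
    return {
        ind: {
            "breaches": breach_count(records, ind),
            "unique_ratio": round(unique_ratio(records, ind), 3),
            "top": top_passwords(records, ind, 3),
        }
        for ind in industries
    }


if __name__ == "__main__":
    for industry, stats in industry_report(SAMPLE_LEAK).items():
        print(industry, stats)
```

In a real assessment the records would come from an internal breach export or a password-audit tool, and the top-N output is the list worth feeding into a deny-list for the organisation's password policy.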
Weak passwords are one of the top causes of data breaches in business
Simple passwords are very dangerous to all users, but businesses and their employees need to take extra care when it comes to cybersecurity. For example, back in February, a water treatment facility in Florida suffered a serious computer breach. The facility used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees. And in December 2020, SolarWinds suffered a major data breach, reportedly due to protecting one of its servers with the password "solarwinds123".
"Businesses and their employees have a duty to protect their customers' data. A weak password of one employee could potentially jeopardize the whole company if an attacker used the breached password to gain access to sensitive data," says Chad Hammond, security expert at NordPass.
Data breach cost
According to an IBM report, the average global cost of a data breach is $3.86 million. However, a data breach in the healthcare industry costs much more: $7.13 million. And out of all countries, data breaches at US-based companies are the most expensive, at $8.64 million. According to Statista, the cost consists of things like: lost business resulting from diminished trust or confidence of customers; costs related to detection, escalation, and notification of the breach; and ex-post response activities, such as credit report monitoring.
In addition to that, companies operating in the European Union face GDPR fines of up to €20 million or 4% of annual global turnover, whichever is greater.
How can businesses increase their password hygiene?
1. Create complex and unique passwords, update them regularly, and store them in a password manager.
Adopting a password manager for company-wide use is your best bet to maintain the security of your business accounts. A password management solution provides a secure way to store, share, and manage passwords in a single place.
2. Use multi-factor authentication or single sign-on
Companies should use multi-factor authentication where available for an added layer of security. Another great idea is to leverage single sign-on and password synchronization. With single sign-on, employees are less likely to revert to bad password practices, such as creating common passwords or writing them down.
3. Educate your employees on password hygiene and potential risks
It's important to note that employees should avoid mixing their work and personal accounts. This ensures that not only their personal identity is protected, but also that any information related to their employer is safeguarded in the event of a breach.
Consumer-facing breaches can extend beyond personal accounts, potentially exposing the enterprise as well. Data breaches like this can create a domino effect across multiple organizations through the reuse of credentials across personal and business accounts.