The holiday season in December is typically known for bringing with it lovely gifts, and in the past, this was especially true for hackers. With understaffed departments, employees distracted by end of year deadlines and a generally relaxed atmosphere, hackers would gain their biggest catches. Now, that smorgasbord of stolen data has extended to the entire year. One of the best year-round gifts that companies can offer a hacker is weak passwords.
What Exactly is Password Hacking?
Password hacking is the technique used to guess system users’ unique login credentials in order to gain access to sensitive data. Hackers can access passwords in several ways.
First, they can guess the passwords based on knowledge of the user and their lifestyle. Birthdays, pet’s names, and children’s names are some of the most commonly used passwords, so hackers often start there.
Hackers can also use password-guessing software to work out passwords and gain access to sensitive data.
Finally, some employees unknowingly give the hackers their passwords by writing them on sticky notes and pasting them to the computer’s monitor.
Another common trick that hackers use to steal passwords is impersonation. The hacker may pose as a bona fide employee and contact IT to reset their password. Once the password is reset, the hacker will change it and have complete access to all of that employee’s data.
Never compromise security for convenience, choose both!
What Constitutes a Weak Password
Weak passwords are easy to guess. The most common passwords include demographic data like dates of birth, pet’s names, children’s names, or phone numbers.
In addition, weak passwords usually only contain letters, which makes them easier to guess. A lot of hackers are able to use common knowledge of the person to easily guess their password.
If someone sat at your employee’s desk, could they use clues around them to guess their password? Your employees have pictures of their kids, dog, and spouse on their desks. They even have their birthday circled on the calendar. Sharing this information may make them more social in the office, but it also means there’s a huge weak password risk. They’re giving hackers a gift.
Some of the most commonly used passwords include:
Imagine the delight on a hacker’s face when they sit down to a random workstation, type in “12345” and gain access to all of your company’s sensitive data.
If a password policy is not in place at your company, you’re just asking for a hack.
How Your Employees Make it Easy for Hackers…And Why
Besides the obvious abc123 password, your employees are actively doing things that make a hacker’s job easier. They’re not intentionally trying to cause a breach, but they are often the cause of data loss and cyber attacks.
They think it’s not their job
Unless your employees believe that they are part of the security team that keeps hackers out, they won’t take data security seriously. They’re there to do their job, and to them, data protection and weak password risk is not part of it. There is no reason for them to worry about password strength.
They’re not protecting their email
If your company is not using two-factor authentication, you’re vulnerable to attacks. But if your employee has a workstation password of abc123 and the hacker gets in only to find that the email system is protected by a strong password, they’re not going to get far. However, if Microsoft Outlook opens up the minute the workstation is open, the hacker will be privy to all kinds of credit card numbers, ID, and sensitive conversations.
They’re vulnerable to scams
Send out a sample phishing email that asks your employee to click a link for a free giveaway at work. Chances are a large percentage of them will click on it without a second thought. For the prize of a movie ticket, your employees will willingly expose the entire company to a breach. Phishing scams are quite popular with hackers and can cause devastating losses to your company.
They’re sharing their passwords
This is where it pays to empathize with your staff and put yourself in their shoes. They’re stressed about their work demands and they’re trying to make their workday easier. Instead of remembering 20 passwords, they make the password for every application 12345.
Easy for them. Or, they keep a little notebook of passwords in their desk. Simple. Or they’re going to be away on vacation and they want to assist their team in accessing their work while they’re gone. They give out their password to everyone on the team so that they can log in and use what they need. The biggest one is simply writing the login information on a sticky note and tacking it to the screen. Merry Christmas, hackers.
There is Hope
Protecting your company’s data against hackers is not a lost battle.
First, you need to have a password policy. Adopt password best practices and train each employee.
Tell your staff never to write down passwords. If the most common complaint is that it is challenging to remember multiple passwords, use software that securely stores their passwords on their individual workstations for ease of use. Secure your workstation with a strong password.
While creating a Google Doc and adding in every password to every login that the team uses may be convenient for the team, it’s a dream come true to a hacker. Advise your staff against this.
Train them on common phishing scams. Require them to take a course in phishing and test them by sending them fake emails. When they click the fake email, direct them to a page that lets them know that they have been “fake hacked.” Award a prize at the end of the month for the person who doesn’t click on the fake email.
Use a periodic checkup to ensure that your network is safe. Google’s security checkup is one of the best applications that can gauge the safety of your data. Conduct regular audits of your system to find any weak links. Track the history of each user to see if there are any unusual activities.
Is there an employee accessing software he doesn’t normally use? Is he logging on at 2:30 in the morning from California and your office is in Boston? Were there multiple attempts to log in from different devices? By conducting regular audits, you can catch hacks before they are successful.
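The three audit questions above can be run as checks over a login history. The sketch below is an added example, not code from Teamstack or any product named on this page; the event fields, the per-user application baseline, the working hours and the thresholds are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

OFFICE_LOCATION = "Boston"   # assumption: a single office site
WORK_HOURS = range(7, 20)    # assumption: 07:00-19:59 office-local time

# Constructed baseline: applications each user normally signs in to.
BASELINE_APPS = {"alice": {"crm", "mail"}, "bob": {"mail", "payroll"}, "carol": {"mail"}}

# Constructed events: (office-local ISO time, user, app, location, device, success)
EVENTS = [
    ("2024-03-04T09:02:00", "alice", "crm", "Boston", "laptop-a1", True),
    ("2024-03-05T02:30:00", "bob", "mail", "California", "phone-x9", True),
    ("2024-03-05T10:15:00", "alice", "payroll", "Boston", "laptop-a1", True),
    ("2024-03-05T11:00:00", "carol", "mail", "Boston", "dev-1", False),
    ("2024-03-05T11:02:00", "carol", "mail", "Boston", "dev-2", False),
    ("2024-03-05T11:04:00", "carol", "mail", "Boston", "dev-3", False),
]

def audit(events, baseline_apps, window=timedelta(minutes=10), max_devices=2):
    """Return (user, finding, timestamp) tuples in chronological order."""
    findings = []
    failures = defaultdict(list)  # user -> recent (time, device) failed attempts
    for ts, user, app, location, device, ok in sorted(events):
        when = datetime.fromisoformat(ts)
        # 1. Is the user signing in to software they do not normally use?
        if app not in baseline_apps.get(user, set()):
            findings.append((user, "unusual_app", ts))
        # 2. Is the login both away from the office and outside working hours?
        if location != OFFICE_LOCATION and when.hour not in WORK_HOURS:
            findings.append((user, "off_hours_remote", ts))
        # 3. Were there failed attempts from several devices in a short window?
        if not ok:
            recent = [(t, d) for t, d in failures[user] if when - t <= window]
            recent.append((when, device))
            failures[user] = recent
            if len({d for _, d in recent}) > max_devices:
                findings.append((user, "multi_device_failures", ts))
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS, BASELINE_APPS):
        print(finding)
```

Each finding is a prompt for a human review rather than proof of compromise: a traveling employee or a newly assigned application will trigger the same rules.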
When it comes to your employees, it’s safe to assume that some of them will compromise safety for convenience. It is easier to create the password, “abc123,” than it is to remember “jk@31q!”. It’s simpler to write a password down and stick it to the monitor than to remember the 11 passwords needed for every work application.
The Teamstack Solution
One of the leading software solutions for small business and enterprise, Teamstack offers a cloud-based solution that allows for team collaboration without compromising security.
Integrate Teamstack with more than 1,000 of your favorite applications like Slack™, GoToMeeting™ and Zoom™ to name a few. Now all your team has to do is use our multi-factor authentication system and log in easily and securely.
With a single sign-on (SSO), password-less login, and one-click provisioning, your team will be able to securely access their favorite applications without exposing your company to hackers. The extended audit trail allows you to fight hackers by catching multiple failed login attempts and blocking them before they get access.
Don’t let your company be the one that makes the news for a major security breach. By making your employees your first line of defense and using Teamstack to protect your company’s sensitive data, you can put hackers out of business.