Seventy-seven percent of all cloud account data breaches are due to compromised passwords. Passwords allow a hacker the easiest path to get to account data and resources, bypassing any account security meant to keep them out.
Most companies are using cloud applications for a majority of their business processes, especially since the pandemic, meaning that passwords are a major cybersecurity risk.
While everyone knows they should be practicing better password security, unfortunately, they continue to adopt bad password habits. These include:
- Using short passwords
- Using easy-to-hack passwords
- Reusing passwords across multiple devices
- Saving passwords in non-secure places
- Sharing passwords with coworkers
- Not using multi-factor authentication with their passwords
39% of surveyed employees admitted to reusing passwords across different work accounts.
Table of Contents
If you think of all the types of cloud accounts your company has, you can begin to get an idea of the damage that can be done if an attacker gains access to a Microsoft 365 or QuickBooks Online account.
Some of the things that can be done in a cloud account takeover include:
- Stealing sensitive data
- Sending phishing on your company domain
- Changing cloud security settings
- Infecting your cloud storage with ransomware
- Forwarding email
- Adding and removing users
- Accessing bank or credit card details
- And more
One of the basic tenets of good IT security is password security. Here are several tips to share with your employees to keep your accounts better secured.
Use at Least 7-10 Characters
The longer a password is, then statistically the harder it is for a hacker to use software to crack it. Passwords should be at least 7-10 characters long to make them more resistant to being breached by a hacker.
Use a Mixture of Letters, Numbers, and Symbols
You want to use a mixture of letters, numbers, and symbols (also known as special characters), which will make the password more random and thus more difficult to guess or hack.
Don’t Use Personally Identifiable Information
If you post about your dog “big cookie” on your social media profile all the time, the password “bigcookie” is going to be one of the first that a hacker tries on all your accounts.
Don’t use things like birthdays, pet’s names, team names for sports teams you follow, etc. for your passwords. While it’s fun to do this and can be easier to remember, it’s also easier for someone else to guess and then gain access to your accounts without much effort.
Use a Password Generator
You can easily find strong password generators online that will suggest good, random passwords that you can use for your accounts. This saves considerable time from having to come up with a strong password yourself and ensures you’ve got all your bases covered for length and mix of characters.
Store Your Passwords Securely
57% of surveyed employees say they use sticky notes for their passwords, and 67% of them say they’ve lost track of those notes at one time or another.
You don’t want to store your passwords in a non-secure place, or someone could grab all your passwords for every account you have in one go.
Places you should NOT store passwords:
- Sticky notes
- Unprotected Excel spreadsheet or Word doc
- In your “Contacts” application
Safe places you can store your passwords:
- Password manager
- Your browser (as long as your browser login has a strong password)
Do Not Share Passwords With Others
While you may trust your coworker implicitly, sharing passwords put accounts at risk. For example, how are you sharing the password? Though an email or text message? Then you’re exposing that account to being compromised because communications can be intercepted if they’re not encrypted.
Never share your password with others. If someone needs temporary access to a tool you use while you’re away, then change the password and then change it again once you get back.
Use a Business Password Manager
Password managers store passwords in an encrypted vault. Employees then only need one strong password to access all the others. Password managers solve the problem of not being able to remember unique passwords for every single login, especially if those passwords are created according to best practices.
The additional advantage of using a business password manager account is that the company retains control passwords and can access an employee’s work password if needed, for example in case an employee quits suddenly.
Use Multi-Factor Authentication With Your Logins
One of the best safeguards you can have for account security is to use multi-factor authentication (MFA) in addition to a strong password.
This adds an additional authentication method to the account, which is usually in the form of a code that is sent to a person’s mobile device at the time of login. Without that code being entered, even if someone has the correct password, they can’t gain access.
According to Microsoft, MFA can block 99.9% of all attempted fraudulent sign-in attempts.
Need Secure & Convenient Password Security Solutions?
Cloudadvize can work with your Dallas-Fort Worth business to put strong password security solutions in place that won’t slow your users down.
Contact Cloudavize today for a free consultation to get started.