5 security awareness topics your users need to know NOW – 3. Passwords

Avatu - the email security specialists

Organisations can’t stop themselves coming under attack from thieves and other criminals trying to disrupt their business, damage their reputation or steal their data.

But they can prepare themselves in a better way and minimise the risk.

In this blog, and the four others in the series, we’ll cover five simple issues you need to be talking through with your employees right now.

The third subject we explore is passwords: an uncrackable code?

If you want to read all five at once, there’s a link for a download at the bottom of this blog.

3. Passwords: an uncrackable code?

Instances where access to critical organisational systems is via a user-configured password remain uncomfortably common.

Even where two-factor authentication is in place, the humble password is almost always one element.

While controls are usually imposed to prevent employees from setting the most commonly guessed passwords, user discretion over password complexity remains considerable.

Cyber criminals have identified passwords as a weak link in the security posture of organisations: 2017 saw a 400% increase in attacks designed to guess weak user passwords.

For this reason, it’s critical that your user security education programme helps users to understand not only how to set a strong password but also the threat that poor password security represents to them and the organisation.

With hardware capable of guessing billions of passwords per second now in the hands of some criminal groups, it’s critical that users understand how password complexity can be used to protect against the bad guys.

As there are only c. 600,000 dictionary words in the English language, employees must be trained to avoid these in favour of far more complex strings of letters, numbers and symbols: an 8-character password including such a combination provides for 645 trillion potential passwords.

‘The longer the stronger’ is a simple message which will additionally resonate with users in a training scenario and it really works: using a 10-character password boosts the number of potential passwords further...to 3 quintillion!
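The arithmetic behind these figures, as an added example that is not part of the original post: it compares the search space of a random string with that of a dictionary word plus a short suffix. The 71-symbol alphabet (which reproduces the 645 trillion and 3 quintillion figures), the rate of one billion guesses per second, the sample word list and all function names are assumptions made for illustration.

```python
import string

# Assumptions (not from the original post): a 71-symbol alphabet, which
# reproduces the post's 645 trillion / 3 quintillion figures, and one
# billion guesses per second standing in for "billions per second".
ALPHABET_SIZE = 71
GUESSES_PER_SECOND = 1_000_000_000
DICTIONARY_WORDS = 600_000  # the post's figure for English dictionary words

# Constructed sample word list; a real check would load a full dictionary
# and a list of previously breached passwords.
SAMPLE_WORDS = {"password", "welcome", "dragon", "sunshine", "football"}


def keyspace(length, alphabet=ALPHABET_SIZE):
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet ** length


def base_word(password):
    """Strip the trailing digits and symbols users append to a word."""
    return password.lower().rstrip(string.digits + string.punctuation)


def search_space(password, words=SAMPLE_WORDS):
    """Candidates to cover before this password is certain to be found."""
    word = base_word(password)
    if word in words:
        # Dictionary word plus suffix: the space collapses to the dictionary
        # size times the suffix combinations (10 digits + 32 punctuation
        # marks per position). Capitalisation variants are ignored here.
        return DICTIONARY_WORDS * 42 ** (len(password) - len(word))
    return keyspace(len(password))


def seconds_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return space / rate


def report(password):
    space = search_space(password)
    return f"{password!r}: {space:.3g} candidates, {seconds_to_exhaust(space):.3g} s"


if __name__ == "__main__":
    for pw in ("Sunshine1!", "k7#Rv2q!", "k7#Rv2q!Zp"):  # constructed samples
        print(report(pw))
```

The 10-character "Sunshine1!" meets a typical length and complexity rule yet falls in roughly a second under these assumptions, which is why training has to cover dictionary words as well as length.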

The requirement for unique passwords within each platform or service must also be communicated via an excellent security awareness programme.

With hackers exposing passwords for various personal sites from Instagram and Facebook to dating websites, the statistic that 50% of employees currently use the same password at home and at work is extremely concerning.

Advice from Rob Savage, Chief Technology Officer with Avatu, the information security advisors. Rob can be contacted on 01296 621121 or by email: Rob.Savage@avatu.co.uk

Want to know more? If you missed any of the other blogs, or if you want them all at once, you can download all five pieces of advice here: http://bit.ly/Avatu-5-security-awareness-topics-download-all