October is Cybersecurity Awareness Month.
It’s an annual event run by CISA focused on education and information, and this year’s theme is “See Yourself In Cyber.”
One way that we can all see ourselves in the cyber landscape is through our use of passwords. We use them every day—to log into our accounts at work, to access our banking applications, and to get into our streaming services. But while passwords are a useful and low-cost way to check identity, humans continue to find ways to circumvent their own safety.
Poor password hygiene and policies both lead to password theft—and the problem is out of control. Compromised credentials—for example, stolen password and email combinations—are the leading cause of data breaches.
It’s no surprise that financial gain is the main motivator of attacks, but data itself is another juicy target for cybercriminals. Accessing personally identifiable information (PII) held at healthcare organizations, school districts, and businesses is a goal of many attacks—and the repercussions are enormous. Organizations of all sizes are being attacked, and the attacks themselves are becoming more sophisticated.
How Can We Clean Up Password Hygiene?
There are several password hygiene habits that we could all kick to the curb: choosing weak passwords, sharing passwords, and above all, reusing passwords. Here’s why:
The majority of users are ‘guilty’ of engaging in these habits.
While individual choices around passwords are certainly important, the reality is that these habits aren’t going anywhere. Users are not aware of the repercussions of password reuse, nor are they about to revamp all their account details. Companies have to accept that human error isn’t going anywhere.
However, organizations can massively impact internal cyber hygiene by implementing password policies that focus on protecting both user data and the company itself from attack.
Revisiting your existing password policies, and working to become NIST compliant, can help prevent account takeover, data breaches, and ransomware attacks from within.
The newest NIST password framework recommends these actions, among others:
This Cybersecurity Awareness Month is your organization’s chance to make some of these changes. Becoming NIST compliant has many positive outcomes, from building a reputation for being secure and respectful of client data, to preventing ransomware attacks on your company.
Ready to join the organizations, governments, and educational institutions that have locked down their password hygiene?