The stronger a password, the better protected both computers and networks will be from hackers and malicious software, and yet many of us default to simple passwords that are as easy to remember as Password123! This month’s World Password Day provided a timely reminder of the need to rethink password protection protocols.
It speaks volumes about the size of the cybersecurity threat that there are now annual days in the calendar to remind us to be cyber secure. World Password Day (May 7) was set up by technology company Intel in 2013 to raise awareness of the need for stronger passwords, but it is not the only such date in the calendar: there is also Data Privacy Day (January 28), World Backup Day (March 31), National Cybersecurity Awareness Month (October), and International Fraud Awareness Week (November 14-20).
And these are not events aimed solely at consumers. Many businesses and their employees also lack the crucial knowledge and safeguards needed to protect confidential information and sensitive documents and data from a breach or theft. Even those that do take the time to remind their stakeholders of the need to use stronger passwords, and put in systems such as two-factor authentication to help counter the risk, nevertheless remain at risk if employees or vendors use insecure codes.
It is easy not to be password savvy
If a password is easy to remember, then the chances of it being hacked are vastly higher. This is the challenge facing us all today, torn as we are between the need to remember an increasingly large number of passwords and the opposing need to make those passwords as strong and secure as possible.
According to the password manager system NordPass, however, many of us are falling well short of this challenge. In its list of the 200 most common passwords chosen in 2020, the top password is ‘123456’ with ‘password,’ ‘111111’ and ‘123123’ also appearing in the top 10 list. According to its data analysis, the vast majority of the top 200 can be cracked in under a second and repeatedly have been, and yet people continue to use them.
It is not hard to understand why if you think back to the first days of internet and computer passwords. Back then, the default was to choose a word that was easy to remember and it was equally common to apply that same password to every subsequent account.
Unfortunately, old habits die hard, hence the challenge corporate IT departments face in securing employee log-ins and corporate data across multiple platforms and programs.
Many people still use that very first password they chose – or a variation that includes a capital letter, a number, and a special character (most commonly the exclamation mark!), as required by most password registration protocols these days.
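The habit described above can be checked for at registration time. The following is an added example, not part of the original article: it shows that a password can satisfy the usual composition rules and still be a decorated entry from a common-password list. The list is a constructed five-entry sample, and the function names are illustrative.

```python
import re

# Constructed sample; a real deployment would load a full common-password
# list such as the top-200 list the article refers to.
COMMON_PASSWORDS = {"123456", "password", "111111", "123123", "qwerty"}


def meets_composition_rules(pw: str, min_len: int = 8) -> bool:
    """Typical registration rule: length plus upper, lower, digit and symbol."""
    return (
        len(pw) >= min_len
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(not c.isalnum() for c in pw)
    )


def undecorated_forms(pw: str) -> set:
    """Undo the usual decoration: lowercase, then strip what was bolted on."""
    lowered = pw.lower()
    # Alphabetic core: drop leading/trailing digits and symbols.
    alpha_core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Alphanumeric core: drop leading/trailing symbols only (e.g. "123456!").
    alnum_core = re.sub(r"^[^a-z0-9]+|[^a-z0-9]+$", "", lowered)
    return {alpha_core, alnum_core}


def assess(pw: str) -> str:
    """Return 'common', 'common-variant' or 'ok' for a candidate password."""
    if pw.lower() in COMMON_PASSWORDS:
        return "common"
    if undecorated_forms(pw) & COMMON_PASSWORDS:
        return "common-variant"
    return "ok"


if __name__ == "__main__":
    for candidate in ["Password123!", "123456", "Qwerty2020!",
                      "correct horse battery staple"]:
        print(f"{candidate!r:34} rules_ok={meets_composition_rules(candidate)!s:5} "
              f"verdict={assess(candidate)}")
```

Composition rules and list checks answer different questions: the first candidate passes the rules but is flagged as a variant, while the passphrase fails the rules without matching anything on the list.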
Understanding the threat
Password breaches happen frequently and in companies of all sizes and industries. In 2020 alone, user names, passwords, and other sensitive personal information (including payment data) were hacked from online conference provider Zoom, social media platform Twitter, the Marriott Hotel Group, video game company Nintendo, and low-cost airline easyJet, among others.
Such examples provide a stark reminder of how critical password security is to the protection of corporate data, and of the need to put in place stringent control measures that extend far beyond email security to include all access points to a business: for example, endpoint and access control for cloud-based collaboration and communication tools, as well as for remote desktop protocols (RDP) and virtual private networks (VPNs). This latter group may sound secure, but the reality is that RDPs and VPNs are some of the most common channels for malware and ransomware attacks.
Indeed, as the cybersecurity threat continues to grow, the tools, technologies, and communication habits of employees and vendors all need to be considered through a new security-focused lens. Security breaches were already on the rise before the COVID-19 pandemic forced many businesses and their employees into remote working, if not for the first time then in larger numbers than the IT department was set up to support. Little wonder that some sources estimate that cybercrime has risen by 600% during the pandemic.
In such an environment, protecting a company’s information assets is not only the job of the IT department but should be a priority for all employees, from the board of directors to the most junior member of the team. As with any security protocol, the chain is only as strong as the weakest link, and protection should therefore be extended to cover all touchpoints, including vendors.
Meeting technical challenges with technical solutions
A range of cloud-based and desktop password managers have emerged in recent years to help consumers both establish more secure passwords and also retrieve them when they are needed. The tools use encryption to protect passwords and also take the hassle out of generating passwords in the first place; although you do need to be sure to choose a highly secure and memorable master password if the tool’s password vault is to remain secure.
Modern smartphones and browsers will also provide and store stronger passwords (safe, so long as your devices remain so). An alternative is to use ‘passphrases’, rather than passwords. These are sentences, rather than collections of characters, and can be much easier to remember (or can also be stored in a password manager).
Including vendors in the cybersecurity chain
In the translation industry, for example, which operates using a global network of contractors, customer data can easily pass through highly insecure programs and devices if it is not properly controlled. All it takes is for a program to be hacked or a device to be lost or stolen for that data to fall into the wrong hands.
Security is often considered secondary to productivity in this industry, yet Language Service Providers (LSPs) are prime targets for hackers given the amount of confidential and sensitive corporate or customer data that they manage on behalf of clients.
If companies are to effectively protect their data, they therefore need to include their LSP in their cybersecurity policies, including assessing and controlling how content is being managed, moved, controlled, and accessed by all members of the translation supply chain. Ask your LSP today what security settings they have in place to manage passwords, control documents, and ensure your data’s security.