The 15th March marked a day that passed most people by, unremarked – World Sleep Day.
For many people, the worries of the day can often crawl into night-time routines and cause lost or disrupted sleep – and a perfect example of that is those that work in the cybersecurity industry. Ever-changing threats, almost daily news of breaches, and the constant and relentless risks for businesses.
According to LogMeIn, almost over 271 thousand records are breached every hour, adding to 2.1 million records in one night’s 8-hour sleep – pretty good cause for late night stress among cybersecurity professionals. LogMeIn chief technology officer Sandor Palfy says given the magnitude of the situation, it’s surprising to consider that the cause is a relatively simple act that everyone is familiar with, as 81 percent of confirmed data breaches are caused by passwords.
So in light of World Sleep Day, Palfy has shared his best practices for password management to perhaps enable a better sleep among cybersecurity professionals, and end-users as well.
Require strong passwords for every account
“The most secure passwords are at least 18 characters and include a mix of numbers, letters and symbols. Short, easy-to-remember or default passwords are not secure and can be easily cracked by hackers,” says Palfy. “It’s also imperative that then these passwords are not re-used on multiple other online accounts. Putting password strength policies in place in your organisation will help prevent weak password creation and reuse.”
“Given that the average person has 200 passwords to keep track of, there can be strong reluctance to create unique, complicated passwords for every online account that are updated much more frequently. To that end, a password management tool can be used to generate and store secure passwords,” says Palfy. “A password manager can also help identify passwords at greatest risk and automatically update them as needed, removing the chore from employees. Once employees begin to use the password manager as part of their daily workflow, they will start replacing their short and repeated passwords with long and unique ones.”
Train employees, and yourself, on proper password management
“It may surprise (and anger!) some IT professionals that people often use the same passwords across professional and personal accounts – 59% have reported mostly or always using the same password,” says Palfy. “Employees should be trained on the risk involved with reusing passwords and be advised to use unique passwords for each account.”
Be careful when sharing passwords
“Sharing passwords in the workplace is inevitable, but you should never share those passwords via email or text. You always want to limit the exposure to a password and thus limit its vulnerability to hacking,” says Palfy. “This includes storing multiple passwords in an easily-accessible document, which again is common practice with 42% reportedly keeping passwords in a file on a mobile device, word document or Excel spreadsheet. Using a password management tool to help you securely share access to passwords is your best bet.”
Implement multifactor authentication (MFA)
“MFA is one of the most effective ways to add another layer of security to password protected accounts,” says Palfy. “Even if a hacker obtains a password, they will still have to provide an additional factor before breaching the account. Multifactor authentication adoption is still relatively low and should absolutely be considered by more organisations.”
Palfy hopes that these tips help, as everyone deserves a good night’s sleep at the end of a long work day.