How to Boost Workplace Password Security

Posted by

Matt Green

on 15 Feb 2021

With both data breaches and fines on the rise, workplace password security has become more critical than ever. We've some practical tips to help.

How to Boost Workplace Password Security

One of the most common causes of a security breach is weak passwords, with people often reusing them for multiple or all accounts. A survey conducted by Specops Software uncovered that 51.61% of respondents share their streaming site passwords, with 21.43% unsure whether those passwords get shared with other people.

People's attitude to password security is alarmingly lax, which can have costly repercussions for businesses. $1 trillion was lost to cybercrime in 2020, according to McAfee. An estimated five billion unique user credentials (e.g. username and password combinations) are available on the darknet to cybercriminals that can grant access to corporate networks or bank accounts.

How hackers steal passwords

a. Credential stuffing

describes when hackers test databases or lists of stolen credentials (i.e. passwords and user names) against multiple accounts to see if there's a match.

b. Phishing

is a social engineering trick which attempts to trick users into supplying their credentials to what they believe is a genuine request from a legitimate site or vendor.

c. Password spraying

is a technique that uses a list of commonly used passwords against a user account name, such as 123456, password123, 1qaz2wsx, letmein, batman and others.

d. Keylogging

is often a technique used in targeted attacks. Keyloggers record the strokes you type on the keyboard and can be a particularly effective means of obtaining credentials for bank accounts, crypto wallets and other logins with secure forms.

e. Brute force

uses trial-and-error to guess login info, encryption keys or find a hidden web page. Hackers work through all possible combinations hoping to guess correctly.

f. Local discovery

occurs when you write down or use your password somewhere where it can be seen in plain text.

g. Extortion

involves no subterfuge. Somebody demands you hand over your credentials, or they threaten you.

Free Cyber Security Training Presentation

Ways to improve workplace password security

So what should your colleagues do to reduce this risk and ensure they keep their passwords safe?

1. Choose a strong and unique password

Aim for a minimum of 8 characters with numbers, letters and punctuation.

2. Avoid obvious passwords

Don't use easily guessed passwords like 1234, 4321, qwerty, password and password123. Avoid using words that can be found on social media accounts - for example, family names, pets, place of birth, school, favourite holiday, or something related to your sports team or hobby.

Do not use:

      • Names or business names.
      • Family members’ or pets’ names.
      • Your own or family's birthdays.
      • Favourite sports team or other words easily guessed by acquaintances
      • The word ‘password’ or numerical sequences. A survey of data breaches showed "123456" was used as a password 23 million times!
      • Single common dictionary words, such as ‘kitchens’, that programs can easily hack.
      • Recycled passwords (e.g. Jon2, Jon3 etc.).

3. Keep passwords safe 

Avoid writing them down, sharing them with others or using the same password across multiple sites. If you must write them down, make sure you use a code that is meaningless to others.

4. Change your password regularly

Especially if you think someone else knows it.

5. #thinkrandom

The UK government's cybersecurity campaign encourages the use of three random words (e.g. dogmoonpurple) broken up with numbers and characters to substitute for letters (e.g. D0gm00npu4p!e).

6. Use a random password generator

Or create a string of completely meaningless letters and symbols. One way of doing this is to take a random sentence or line from a song/poem, use the first letter of each word, and then add punctuation and numbers to mix it up.

7. Use password management software

Software like Dashlane, 1Password, KeePass, or Lastpass allows you to store all of your passwords behind one master password.

8. For added security, use 2-step factor authentication

If someone logs in from an unrecognised device, you're sent a code (by text or email), which you have to enter to verify it's really you.

9. Regularly check your email addresses

Use one of the many websites that check to see if your password has been compromised, such as Have I Been Pwned. If someone can access your email, it often means that they can easily reset other passwords.

Information Security Training Presentation

Want to learn more about GDPR?

We've created a comprehensive GDPR roadmap to help you navigate the compliance landscape, supported by a comprehensive library of GDPR Courses.

We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!

Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, get priority access to our free online learning portal and other exclusive benefits.

GDPR Training Presentation

The fines for GDPR breaches represent up to 4% of your global annual turnover or EUR 20 million, whichever is the highest. So it is critical to ensure your organisation understands and adheres to GDPR.

Our free GDPR Training Presentation is fully editable, presents the key points in plain English and is packed with practical activities to accelerate learning.

Download your free training aid