Hikvision Senior Director of Cybersecurity on Report: Poor Password Practices Increase Password Hack Risk
In this blog, Hikvision Senior Director of Cybersecurity Chuck Davis takes a look at the recently released third annual Global Password Security Report. In this report, LastPass analyzed more than 47,000 businesses to share interesting and helpful insights into employee password behavior at businesses around the world.
The report is free, but you will have to provide some contact information to download it.
The key takeaways are:
- Businesses still have a lot of work to do in the area of password and authentication security.
- Businesses are increasing their use of multi-factor authentication (MFA) but employees still have poor password hygiene, which increases the risk of a potential password hack.
- While businesses are investing in authentication security solutions, more action is needed to improve password hygiene.
A few key highlights from this year’s report:
- 57 percent of businesses globally have employees using MFA, up from 45 percent the previous year.
- 87 percent of companies with more than 10,000 employees are using MFA, but only 27 percent of companies with 25 employees or fewer are using MFA. And, according to the 2019 Verizon Data Breach Investigations Report, 43 percent of cyberattacks are aimed at small businesses.
- Password reuse is still widespread. This puts people at risk of becoming victims of credential stuffing attacks.
- Increased regulations appear to be driving additional security awareness, especially in the EMEA region with the General Data Protection Regulation (GDPR) and in the APAC region with the Australian Notifiable Data Breaches (NDB). Both GDPR and NDB mandate the reporting of data breaches.
The report’s revelations are both positive and negative. While it only samples companies that use LastPass (arguably the type of companies likely to invest in cybersecurity), we can see that even in this sampling there is a lot of work to do.
The report ends with some solid advice, including six tips to reduce password hack risk:
- Take access security seriously.
- Make a plan.
- Mandate the use of a password manager.
- Train, train and train some more.
- Turn on multi-factor authentication.
- Regularly check your Security Score and keep tweaking your approach (for LastPass users).
If you are not using a password manager in your business and personal lives, it is something to consider to reduce the risk of a potential password hack. Remembering the passwords to every one of our hundreds of accounts is difficult. Using a password manager makes it easier.
LastPass is one of many password management tools available to assist you. Here are a few articles that compare and contrast the leading password managers:
- “Best Password Manager Based on In-Depth Reviews,” ConsumersAdvocate.org
- “Get a Password Manager. No More Excuses,” Wired Magazine
- “The Best Password Managers,” lifehacker.com
Once you decide on a password manager, be sure to enable MFA anywhere and everywhere you can.