Many organizations, especially small businesses, rely on username and password protocol as their primary cybersecurity protection method. They assume that requiring employees to use strong passwords, and then requiring regular changes to those passwords, is an adequate approach to cyberattack prevention. On the contrary: Relying primarily on passwords is not as secure as most of us are led to believe.
The Verizon 2017 Data Breach Investigations Report was recently released, and two of the major findings bear directly on this issue. Of the data breaches that were analyzed:
What does this say about relying on usernames and passwords to secure your network – and why are strong passwords not a solid cybersecurity strategy?
Most people don’t want to remember numerous usernames and passwords for multiple accounts and programs, and many don’t feel confident in their ability to accurately recall that information. More so, they dislike having to regularly change passwords on individual accounts, and being forced to forget previous passwords in exchange for new ones. To deal with this frustration, they tend to do one of two things (or both):
The problems with these widespread tendencies are simple:
Having a system of employee usernames and passwords is not enough. Passwords, to be at all effective, need to be randomly generated strings of characters, changed frequently, and accompanied by two-factor authentication and protected by additional layers of security, backup and recovery, and monitoring.
thinkCSC is here to help ensure your cybersecurity systems are strong and vibrant, to assist you in your preparation for and response to cyberattacks. Together, we can avoid the mistakes that are common among so many businesses and organizations, in the end becoming as secure as possible in today’s technological world.
While thinkCSC believes that employees will always be the first line of defense against ransomware attacks, the only real solution is for leaders of all –organizations – businesses of all sizes, government entities, schools, hospitals, and –others – to invest in stronger IT security that includes offsite backup and recovery and managed security. These protections, combined with ongoing staff training, strict security policies, and constant vigilance, are an absolute necessity in today’s cyber-environment.
For new customers interested in information on obtaining our services, please contact us at email@example.com