Just about every time you read about a data breach, you also read about password security. Passwords are cash money to bad actors who swipe them from social media sites, retail databases and other electronic data stores.
Unfortunately, it seems many consumers don’t get that.
In fact, 21 percent of respondents assume their passwords are of no value to cybercriminals, according to the Kaspersky Lab Consumer Security Risks Survey. On top of that, survey respondents often take the easy way out when creating and storing passwords. Kaspersky offered an example: only 26 percent of respondents create separate passwords for each account and just 6 percent use password storage software.
“Even if you are not a celebrity or a billionaire, cybercriminals can profit from your credentials,” said Elena Kharchenko, head of consumer product management, Kaspersky Lab. “A password is like a key to your home; you wouldn’t leave your door unlocked, or put your keys where anyone could find them, just because you don’t think you have anything of great value. Complex passwords unique to each account, carefully stored in a safe place, will save you a lot of trouble.”
Translating to the Enterprise
Kaspersky describes passwords as the keys to online account holders’ personal data, private lives — and even their money. It only makes sense, then, that passwords hold great value to cybercriminals who want to use them to log on to bank and credit card accounts.
Despite all the publicity around high-profile data breaches at retailers like Target and Home Depot and online properties like Dropbox, the Kaspersky survey reveals respondents don’t always take the necessary precautions to safeguard their passwords. For example, 18 percent of those surveyed write down their passwords in notebooks and 17 percent freely share their personal account passwords with family members and friends.
This translates to the enterprise. Given the proliferation of SaaS apps like Dropbox and Google Apps in the enterprise, it’s safe to assume there is a vast amount of sensitive corporate data being stored in them, often without IT’s knowledge, Paul Trulove, vice president of products at identity and access management firm SailPoint, told us.
“This lack of visibility, combined with not having the right controls in place over those apps, can leave organizations exposed to sensitive information being accessed by the wrong person,” Trulove said. “Such decentralization of IT leaves big gaps in a company’s security defenses. While it may not be feasible for an IT organization to manage the hundreds of consumer-focused SaaS apps like Dropbox, there are automated solutions that can help provide that missing visibility while enforcing a certain level of security assurances through single sign-on and strong password management.”
4 Quick Reminders
There is also good old-fashioned wisdom. Kaspersky offered these four reminders:
1. Create a unique password for each account: if one password is stolen, the rest will remain safe.
2. Create a complex password that won’t be easy to crack even if cybercriminals are using special programs. That means using at least eight symbols including upper-case and lower-case letters, numbers, and punctuation marks but no pet names or dates of birth.
3. Do not give your password to anyone, not even your friends. If cybercriminals can’t steal it from your device, they might be able to do it from someone else’s.
4. Store your password in a safe place. Don’t write it down on paper — either remember it or use a special program for storing passwords from a reliable vendor.