Protecting information and data
Passwords are often the only thing standing between someone having access to your data and information. That someone could be an attacker who wants to steal information from your company and sell it, or wants to gain access to your systems to extort money or use them for illegal purposes.
As annoying as passwords are, they are what we have right now to protect our data. They don’t require any extra devices to work (like fingerprint scanners), just your memory. Unfortunately just about everything online now requires a password – so you could easily end up with over 100 different places requiring a password.
Password reuse and its risks
Re-using the same password over multiple sites is the number one way that your personal or company data becomes compromised via a password. It only takes one of the places you’ve used that password to become compromised (hacked) and then your password is available online for the world to see.
Attackers are hoping that you have re-used the password for your personal email account, company accounts and company email. As this gives them complete access to your personal and company data.
Attackers love to get control of your email account because they are like a filing cabinet for your life. They contain sensitive personal information, statements, bills, and company data – all the information necessary to seal your identity at a minimum. The best part for the attacker is that once they control your email, they can reset your passwords for email and other accounts (a cascade of compromise).
Ideally having different levels of passwords prevents this cascade of compromise. Strong unique passwords for: email accounts, remote access systems, company data sites, internet banking, and PayPal. Once these places are secure with strong passwords or 2 factor authentication, then you can look at the next level down; like social media, internet forums, and other sites.
Never store your strong unique passwords in the browser for email, company data sites, or internet banking. Storing passwords in the browser is not secure because if your computer becomes compromised by a virus then the attacker has access to all your accounts.
Passwords are a necessary evil, but we need to think carefully about which accounts are most important and prioritise strong unique passwords to those accounts. If you would like any more information, please don’t hesitate to contact us using the information below.