The largest password collection of all time was recently leaked onto a hacker forum, with an eye-watering 8,459,060,239 (8.4 billion) unique entries stored in a 100GB TXT file, putting potentially billions of logins at risk.
Dubbed ‘RockYou2021’ after the RockYou data breach in 2009, the file also contained passwords from multiple other leaked databases, suggesting that it has been planned for some time.
With poor password management, a single password compromised in a leak like this can be the undoing of your business, putting both your own and your customers’ data at risk. The leaked file will now likely be used by hackers to target businesses, so it is important to take action now.
What Can I Do?
If you have been putting off changing your passwords, or if you use the same password for every system, now is the time to create secure and unique passwords for every platform you use.
We would highly recommend encouraging all employees to change their passwords and ensure every password they use is unique.
Additionally, businesses and individuals should ensure that multi-factor authentication (MFA) is being used. This extra level of security means that hackers cannot gain access without verifying their connection to the login, even with the password. For example, a text message is sent to the number that is connected to the account, and the user must input the code to verify the login attempt.
If you are concerned about passwords being compromised, we can provide dark web scanning and monitoring tools to identify breaches and password management tools to take the stress out of remembering and storing multiple passwords whilst making your systems as secure as possible.
Other cyber security measures such as staff training, internal controls, regular software updates, end-to-end encryption and vulnerability testing can also improve the overall cyber security of your business.
Top Tips for Better Password Security
A password is the first line of defence in your business’s armoury against cyber attacks, but with 81% of data breaches occurring as a result of weak or stolen passwords, it’s clear there is progress to be made in the fight against cyber crime.
As this leak has highlighted, simply having a strong password isn’t enough to prevent your business from being at risk. Our top tips for better password security are:
- Use a strong password for each platform – use a mixture of letters, numbers and symbols to create a password that can’t be guessed.
- Use a unique password for every platform – this means that if one password is breached, your other systems remain secure.
- Change your password regularly.
- Avoid logging into platforms when using devices or networks you don’t control, such as public Wi-Fi.
- Do not use any personal information in your password that can easily be found out, such as your birthday, partner’s name or mother’s maiden name.
- When an employee leaves your business, ensure passwords are updated or their access is removed.
- Avoid writing passwords down, be that on paper in a notebook or on a platform like Microsoft Word.
- Ensure staff have appropriate training to empower them to understand cyber security and recognise threats.
Password Management Tools
With unique and complex passwords for every platform, it’s not feasible to remember all of them without making a note somewhere, which can then compromise all of your passwords.
Enter the password manager. These powerful tools store and remember all of your password data and help ensure your password security is up to scratch. Features include:
- Password Management – The tool’s primary function is password management, meaning it automatically suggests and remembers strong passwords for employees. These then auto-populate when the website is visited, meaning you can grant access to systems without staff ever actually seeing the password.
- Policy Enforcement – To ensure your staff set strong passwords, you can enforce policies that dictate the length and uniqueness of passwords used.
- Security Audit – This function scores users (and your business as a whole) based on the strength of your password security and provides recommendations for improvement.
- Role-Based Access – Role-based access means that you can share passwords only with the people that need them. This allows you to better track who has access to what systems.
- Multi-Factor Authentication – The tool has built-in multi-factor authentication, meaning there is no need to use an external device.
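The checks behind the tips above and the Policy Enforcement and Security Audit features can be sketched in a few lines. This is an added example, not code from the original page or from any password manager product; the minimum length, the function names, and the sample wordlist and credentials are constructed assumptions.

```python
import hashlib
from collections import defaultdict

MIN_LENGTH = 12  # assumed policy value; the page does not state a length

def digest(password: str) -> str:
    """In-memory comparison key so the audit never compares plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def load_breached(words):
    """Build a lookup set from a leaked-password wordlist (one entry per item)."""
    return {digest(w.strip()) for w in words if w.strip()}

def audit(credentials, breached, personal_terms=()):
    """Return {platform: [findings]} for a mapping of platform -> password."""
    by_hash = defaultdict(list)
    for platform, password in credentials.items():
        by_hash[digest(password)].append(platform)

    report = {}
    for platform, password in credentials.items():
        findings = []
        h = digest(password)
        if len(password) < MIN_LENGTH:
            findings.append("too_short")
        if h in breached:  # password appears in a known leak
            findings.append("in_breach_list")
        others = [p for p in by_hash[h] if p != platform]
        if others:  # same password used on another platform
            findings.append("reused_on:" + ",".join(sorted(others)))
        lowered = password.lower()
        if any(t.lower() in lowered for t in personal_terms if t):
            findings.append("contains_personal_info")
        report[platform] = findings
    return report

# Constructed sample data, not taken from any real leak or account.
SAMPLE_WORDLIST = ["123456", "password", "iloveyou", "Summer2021!"]
SAMPLE_CREDENTIALS = {
    "email": "Summer2021!",
    "payroll": "Summer2021!",
    "crm": "jane1984",
    "vpn": "correct-horse-battery-staple",
}

if __name__ == "__main__":
    breached = load_breached(SAMPLE_WORDLIST)
    for name, found in audit(SAMPLE_CREDENTIALS, breached, ["Jane", "1984"]).items():
        print(name, found or ["ok"])
```

A wordlist the size of the 100GB file described above would not fit in an in-memory set; the same checks would then run against an on-disk index or a breach-lookup service.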
To find out more about how a password manager could improve the cyber security of your business and reduce the risk of a data breach, call us today on 0117 975 9523 or fill out a contact form to arrange a free demo.
To improve cyber security and provide complete peace of mind for stakeholders, customers and employees, many businesses have become certified with the Government-backed Cyber Essentials scheme.
The Cyber Essentials scheme helps protect your business from the most common forms of cyber attack and can help you win more business through added value to customers.
Some Government contracts now require Cyber Essentials for consideration and it’s expected that many larger businesses will follow suit in ensuring suppliers have this accreditation before working with them.
To find out more about getting Cyber Essentials certified, give one of our team a call on 0117 975 9523 or fill out a contact form and we will get back to you.
Secure Your Business IT Today
The ‘RockYou2021’ password leak wasn’t the first of its kind and it will not be the last.
As we become more and more reliant on digital services, applications and platforms, the risk of cyber attacks grows.
To take the first steps towards a more cyber secure business, schedule a free consultation with one of our cyber security experts today.