Employees reuse passwords 13 times, on average. What can you do?
Recent statistics on password behavior are worrisome. On average, employees reuse around 13 passwords.
Why is password reuse critically dangerous in the business environment?
What can you do to prevent employees from recycling their credentials?
Risks associated with password reuse at work
Reused credentials significantly increase the risk of a successful data breach. This applies to all accounts, personal and corporate included.
Yet the impact of a personal data breach and a business data breach is radically different.
A data breach of a personal account caused by reused passwords is a single person’s responsibility. When a corporate account is breached, however, the consequences affect many people.
Why is it dangerous to reuse corporate passwords?
In 2021, over 61% of all data breaches were related to compromised credentials.
Employees who reuse the same password on a few accounts make the task easier for cybercriminals.
Since password reuse is a common mistake in password management, hackers exploit it. As soon as they obtain the leaked credentials of one account (email address and password), they try the same combination on other platforms.
If you recycled the same password on multiple platforms, there is a high chance at least a few more accounts will be compromised too.
It is critically dangerous in the workplace because such a small mistake can lead to significant data loss.
Case analysis: New York City Law Department data leak
Last year, the New York City Law Department fell victim to a cyber-attack due to a reckless password management mistake.
During the cyber attack, cybercriminals gained access to sensitive information, including data about thousands of department employees, medical records, and the identities of people charged with serious crimes.
The data leak happened because hackers logged in to an employee’s account using previously leaked credentials.
The Department received harsh criticism due to the lack of compliance with city IT standards.
Such an attack could have been easily prevented.
How to improve password security and prevent corporate password reuse?
Preventing employees from reusing passwords is possible with effective password management rules and company-wide policies.
Here are the main criteria you should consider to improve business-wide password security:
- Providing education
First, the change should start with education. If employees are not aware of the risks of password reuse, it is not likely that they will change their habits on their own.
Regular cybersecurity training on password management is essential for employees to evaluate the impact of their personal responsibility.
- Presenting basic password hygiene rules
Effective defense against cyber threats involves keeping good password hygiene rules:
- creating complex and unique passwords,
- using different passwords for different accounts,
- avoiding identifiable information in passwords (names, dates of birth, hobbies, etc.)
Also, stress the importance of two-factor authentication. This second layer of security can block around 99% of all attacks.
If an employee from the New York City Law Department had it turned on, the company would have avoided the data breach.
Therefore, daily password hygiene is critically important for a secure workspace.
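As an added example (not part of the original article or of any product's code), the hygiene rules above can be enforced at the moment a password is set: the Python function below rejects candidates that are too short, appear in a leaked-password set, or contain the user's identifiable information. The 12-character minimum, the profile field names, and all sample data are assumptions constructed for illustration.

```python
import hashlib
import re
import unicodedata

# Undo common character substitutions ("J0n@s" -> "jonas") before matching names.
LEET = str.maketrans("0134578@$!", "oieastbasi")

def fingerprint(password):
    """SHA-256 used only as a lookup key into a leaked-password set, not for storage."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def normalize(text):
    """Strip accents, lowercase, and reverse leetspeak substitutions."""
    ascii_text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return ascii_text.lower().translate(LEET)

def personal_tokens(profile):
    """Return (word tokens, digit tokens) derived from a user's profile."""
    words = {normalize(profile.get(k, "")) for k in ("first_name", "last_name", "username", "hobby")}
    words = {w for w in words if len(w) >= 3}  # ignore empty and very short values
    digits = set()
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", profile.get("date_of_birth", ""))
    if m:
        y, mo, d = m.groups()
        digits = {y, d + mo, mo + d, d + mo + y[2:], mo + d + y[2:]}
    return words, digits

def screen_password(password, profile, leaked, min_length=12):
    """Return the list of hygiene rules the candidate password violates."""
    violations = []
    if len(password) < min_length:
        violations.append("too_short")
    if fingerprint(password) in leaked:
        violations.append("known_leaked")
    words, digits = personal_tokens(profile)
    only_digits = re.sub(r"\D", "", password)  # "14/03" and "14-03" both become "1403"
    if any(w in normalize(password) for w in words) or any(t in only_digits for t in digits):
        violations.append("personal_info")
    return violations

# Constructed sample data for illustration only.
SAMPLE_PROFILE = {"first_name": "Jonas", "last_name": "Petraitis", "username": "jpetraitis",
                  "hobby": "cycling", "date_of_birth": "1985-03-14"}
SAMPLE_LEAKED = {fingerprint(p) for p in ("Summer2021!", "password123")}

if __name__ == "__main__":
    for candidate in ("Summer2021!", "J0n@s-1985-xyzq", "gravel-otter-quilt-91"):
        print(candidate, screen_password(candidate, SAMPLE_PROFILE, SAMPLE_LEAKED))
```

An empty list means the candidate passed all three checks; in practice the leaked set would be a much larger corpus than the two constructed entries used here.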
- Offering alternative methods to manage passwords
Forbidding employees from reusing passwords will not change poor credential management habits. One person, on average, has around 100 passwords.
The lack of alternative ways to securely store and share passwords encourages employees to engage in other risky habits. It is impossible to remember many different and secure passwords.
Introduce a password manager for more convenient and efficient data management inside the team.
How can a password manager improve data management inside the team?
An effective password manager stores all credentials encrypted in a secure vault. The employee only needs to remember one password to unlock the account and access other credentials.
Usually, when people start using a secure password manager, they stop memorizing their passwords for most accounts. (And that’s how it should be!)
The tool generates a safe password and stores it in a vault. The password manager automatically fills in credentials whenever an employee visits a website.
Last, an effective password manager removes the temptation to reuse passwords.
It offers an easier and incomparably more secure way to manage sensitive data.
Try out PassCamp and see it for yourself.