Last updated: 25.08.17

How stronger passwords can protect your company from cyber security risks

In the increasingly complex world of modern business cyber security, the humble password has become one of the simplest - yet also most important - tools for keeping data thieves and attackers at bay.

As technology evolves, the various services and tools that companies use to manage and safeguard their valuable data are growing ever more sophisticated - and yet all it takes to give cyber criminals free access to all of this crucial information is a weak or easily-guessed password.

However, despite the critical importance of strong passwords as a means of safeguarding company data, it remains all too common for business owners and employees alike to fail to follow best practice guidelines when it comes to selecting a strong password. Given that data security has become more central to the success or failure of a business, it's about time that companies take the necessary steps to make sure their workers are taking this issue seriously.

What are the most common passwords?

The troubling trend of weak passwords was highlighted by a report compiled earlier this year by Keeper Security, which analysed ten million passwords used across a variety of data breaches that occurred in 2016 - revealing just how many users are putting their own security at risk.

The most common password on the list was 123456, an incredibly weak and simplistic password that was nevertheless utilised by 17 per cent of the accounts analysed in this study. The remainder of the top ten was populated by equally flimsy passwords, including 123456789, qwerty, 12345678, 111111, 1234567890, 1234567, password, 123123 and 987654321.

Keeper Security's analysis noted that four of the top ten most common passwords are six characters or fewer in length, while the top 25 passwords of 2016 were shown to account for more than 50 per cent of the ten million analysed in this study.

Why do weak passwords pose such a risk?

In a sense, it's understandable that many people prioritise ease of recollection when selecting passwords, in an era where most individuals are juggling dozens - or even hundreds - of password-protected accounts at any given time. However, that does nothing to detract from the extreme security risk this habit can pose, especially when it comes to accessing sensitive corporate systems.

Modern cyber criminals often have access to brute-force cracking software and hardware, utilising dictionary-based algorithms that can crack short passwords based on sequential key variations in a matter of seconds. However, even in cases where these kinds of tools are not available, passwords such as "123456" or "password" are so common that they can simply be guessed with no expertise whatsoever.

Once a criminal has access to a business-critical system, there's no estimating the amount of practical or reputational damage they can do, so it's essential that managers do everything in their power to make sure their organisation isn't falling short on this most basic of cyber security challenges.

What can businesses do to address this issue?

Keeper Security's report noted that the list of the most-frequently used passwords has changed very little over the past few years, despite high-profile efforts to raise awareness of the associated risks.

For businesses, this means being aware that many workers are always going to have a lax approach to password security without sufficient motivation to change. As such, companies should be looking to enshrine the importance of secure passwords as a crucial pillar of their cyber security training, with regular reminders of the necessity of following key guidelines to ensure better protection.

For example, staff should be reminded to opt for longer passwords that incorporate a variety of numerical, uppercase, lowercase and special characters wherever possible, and to avoid common passwords that rely on sequential key variations that may be vulnerable to brute force attacks. It may also be worth investing in technology such as password managers that can generate strong, unique passwords automatically, while also simplifying the process of storing and managing this information.
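As an added illustration (not part of the original article or of Keeper Security's report), the guidelines above can be checked automatically whenever a password is set or changed. The blocklist is the top ten quoted earlier in this article; the 12-character minimum, the three-of-four character-class rule and the "half the password" sequence threshold are assumptions chosen for the example.

```python
import string

# Top ten from the Keeper Security list quoted in this article.
COMMON = {"123456", "123456789", "qwerty", "12345678", "111111",
          "1234567890", "1234567", "password", "123123", "987654321"}

# Digit row, keyboard rows and the alphabet, used to spot sequential key patterns.
SEQUENCES = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             string.ascii_lowercase]
MIN_LENGTH = 12   # assumed threshold; the article only says "longer"
MIN_CLASSES = 3   # assumed: at least three of the four character classes
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def longest_run(pw):
    """Longest stretch of pw that follows a sequence, forwards or backwards."""
    pw = pw.lower()
    best = 0
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(pw)):
                n = 0
                while i + n < len(pw) and pw[i:i + n + 1] in s:
                    n += 1
                best = max(best, n)
    return best

def check_password(pw):
    """Return the list of guideline violations; an empty list means accepted."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common")
    if len(pw) < MIN_LENGTH:
        problems.append("short")
    if sum(any(c in cls for c in pw) for cls in CLASSES) < MIN_CLASSES:
        problems.append("few-classes")
    # Assumed rule: reject when a keyboard or counting run covers half the password.
    if pw and longest_run(pw) * 2 >= len(pw):
        problems.append("sequential")
    # A string built by repeating a shorter unit (111111, 123123) reappears
    # inside its own doubling once the first and last characters are dropped.
    if len(pw) > 1 and pw in (pw + pw)[1:-1]:
        problems.append("repeated")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ["123123", "Qwerty12345!", "T7#mVq9!xLp2Rw"]:
        print(sample, check_password(sample) or "accepted")
```

Note that "Qwerty12345!" meets the length and character-variety rules and is still rejected, because half of it is a keyboard run.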

In doing so, businesses can make sure they are not falling into one of the most easily-avoided cyber security pitfalls, while empowering staff to make a contribution to better data protection for only a small investment of time, effort and diligence.

Summary: Using common passwords can compromise a business's entire cyber security strategy, which is why it's important for companies to make sure their staff are aware of the need to take this issue seriously.

Most common passwords of 2016
