How to Avoid a Password Breach
As bad actors continue to target IT environments big and small, cybersecurity is no longer an additional concern but a priority. While some methods of cyber attackers are extremely advanced, many underestimate the impact of simply implementing good password practices.
With more and more of our lives becoming digital, creating and protecting unique, quality passwords is becoming increasingly important — and increasingly avoided. Although they can feel like a nuisance, proper password practices are essential to maximizing your IT security posture. As dangerous and expensive cyber attacks continuing to fill news cycles, businesses need to ensure they are minimizing every possible vulnerability. Continue reading to learn what Centre's IT experts strongly recommend to avoid a password breach and keep your business safe.
data breaches attributed
to compromised credentials
due to poor password security
Never Share Password with Anyone
Sharing of credentials goes against best practices for security—period. Passwords should be treated like a social security or credit card number. If that information is provided to someone other than you, you risk having fraudulent accounts created under your name or charges to your credit card. Your password to any account should be guarded in the same manner. If your password is compromised, the people that have your password can take on your identity online.
employees openly share passwords with co-workers,
including IT support and providers
Secure by default IT and Managed Services Providers (MSP), such as Centre Technologies, do not ask for end user passwords when assisting with an issue. If someone calls or emails asking for your credentials, you need to treat that as a phish and not provide the requested information.
It's safe to share my credentials if I receive a call from someone claiming to be with our IT provider. Right?
Hang up with that person and call your IT provider back with the phone number they provide for support and inform them of what happened.
Our IT provider needs me logged in to troubleshoot an issue, but I have meeting and need to step away… What should I do?
Coordinate to start the troubleshooting prior to the time you need to step away and enter your credentials for the person needing them to troubleshoot your issue.
Use Different Passwords for Accounts
It is best practice to use different passwords for all online accounts. It is easy to have one or two memorable passwords to use across various online accounts. But if your password is compromised, bad actors now have access to all your online accounts.
reuse the same passwords
across multiple accounts and services
Reusing passwords from your personal accounts to your business accounts is especially dangerous. Although every business is a possible target for a cyberattack, large consumer platforms and retailers, such as e-commerce sites or department stores, are at a much higher risk. When a personal account password becomes a work-related password, the vulnerabilities of those consumer sites and retailers now become vulnerabilities to your business. Moreover, the breach of a personal account puts not only your information in jeopardy, but the information of your employees, colleagues, and customers.
Reset Password If Breach Is Suspected
There is a continuous influx of passwords being added and sold on the Dark Web, an unregulated part of the internet containing stolen data and information. Additionally due to the prevalence of password reuse, a single password found on the Dark Web can often be used to access and cause harm to various accounts.
To protect your accounts and information, monitor accounts for suspicious activity that may indicate a breach or leak. Specifically, be on the look out for:
- A notification from your account with an authentication code (MFA) when you have not logged in recently
Many accounts have incorporated multi-factor authentication (MFA), sending a confirmation code to another device after a log-in. If you receive this code without having logged in, it is a direct indicator that someone else, likely a bad actor, used your password to do so.
- A notification of atypical account access
Many online accounts can be configured to send a message when your account has been accessed by a device which is not flagged as a safe, known device. If you receive a message like this, check your account for any unwanted changes and reset your password.
- An inability to access to your accounts
If, when logging in, you know you have entered the correct credentials but continue to receive an error, it is possible that your password and account have been compromised. You will need to contact the organization to reset your credentials.
While these practices can help minimizes the chance of a password breach, they are not airtight. Using a secure MSP can help your business enjoy greater IT security without dedicating significant resources to continuous monitoring and response. Centre's secure managed service customers get a Dark Web report every month detailing email addresses and accounts that have been leaked to the Dark Web.
Additionally, Centre's IT security experts set up alerts for when an employee email address for a client has been involved in a recent breach. After confirming the correct email and password combination in the leak, Centre's team will notify the customer with a list of employees who have been compromised so they can change their password.
What should I do if I suspect a password has been compromised or believe it's been provided to another party?
Immediately change your password for all accounts currently using the same password.
Password awareness and protection is one of the first and least expensive steps to greater data and business protection. Although it requires a continuous commitment, a unique password which is kept private and monitored for exposure is crucial to preventing data theft. Moreover, prioritizing cybersecurity not only prevents business disruptions and unforeseen expenditures but also fosters greater trust between you, your fellow employees, and your customers.