How to Avoid a Password Breach

Published on June 15, 2021

As bad actors continue to target IT environments big and small, cybersecurity is no longer an additional concern but a priority. While some methods of cyber attackers are extremely advanced, many underestimate the impact of simply implementing good password practices. 

With more and more of our lives becoming digital, creating and protecting unique, quality passwords is becoming increasingly important — and increasingly avoided. Although they can feel like a nuisance, proper password practices are essential to maximizing your IT security posture. As dangerous and expensive cyber attacks continue to fill news cycles, businesses need to ensure they are minimizing every possible vulnerability. Continue reading to learn what Centre's IT experts strongly recommend to avoid a password breach and keep your business safe.

81% of data breaches are attributed to compromised credentials due to poor password security

Never Share Passwords with Anyone

Sharing of credentials goes against best practices for security—period.  Passwords should be treated like a social security or credit card number.  If that information is provided to someone other than you, you risk having fraudulent accounts created under your name or charges to your credit card.  Your password to any account should be guarded in the same manner.  If your password is compromised, the people that have your password can take on your identity online.

Over 40% of employees openly share passwords with co-workers, including IT support and providers

COMMON QUESTION:

It's safe to share my credentials if I receive a call from someone claiming to be with our IT provider. Right?

 

ANSWER:
Hang up with that person, call your IT provider back using the support phone number your IT provider provides, and inform them of what happened.

Secure-by-default IT and managed service providers (MSPs), such as Centre Technologies, do not ask for end user passwords when assisting with an issue. If someone calls or emails asking for your credentials, you need to treat that as a phish and not provide the requested information.

COMMON QUESTION:

Our IT provider needs me logged in to troubleshoot an issue, but I have a meeting and need to step away. What should I do?


ANSWER:
Coordinate to start the troubleshooting prior to the time you need to step away, and enter your credentials yourself for the person who needs them to troubleshoot your issue.

 

Use Different Passwords for Accounts

It is best practice to use different passwords for all online accounts.  It is easy to have one or two memorable passwords to use across various online accounts. But if your password is compromised, bad actors now have access to all your online accounts.

65% reuse the same passwords across multiple accounts and services

Reusing passwords from your personal accounts on your business accounts is especially dangerous. Although every business is a possible target for a cyberattack, large consumer platforms and retailers, such as e-commerce sites or department stores, are at a much higher risk. When a personal account password becomes a work-related password, the vulnerabilities of those consumer sites and retailers now become vulnerabilities of your business. Moreover, the breach of a personal account puts not only your information in jeopardy, but also the information of your employees, colleagues, and customers.

Reset Password If Breach Is Suspected

There is a continuous influx of passwords being added and sold on the Dark Web, an unregulated part of the internet containing stolen data and information. Additionally, due to the prevalence of password reuse, a single password found on the Dark Web can often be used to access and cause harm to various accounts.

To protect your accounts and information, monitor accounts for suspicious activity that may indicate a breach or leak. Specifically, be on the lookout for:

  1. A notification from your account with an authentication code (MFA) when you have not logged in recently 
    Many accounts have incorporated multi-factor authentication (MFA), sending a confirmation code to another device after a log-in. If you receive this code without having logged in, it is a direct indicator that someone else, likely a bad actor, used your password to do so. 

  2. A notification of atypical account access
    Many online accounts can be configured to send a message when your account has been accessed by a device which is not flagged as a safe, known device.  If you receive a message like this, check your account for any unwanted changes and reset your password. 

  3. An inability to access your accounts
    If, when logging in, you know you have entered the correct credentials but continue to receive an error, it is possible that your password and account have been compromised. You will need to contact the organization to reset your credentials.

While these practices can help minimize the chance of a password breach, they are not airtight. Using a secure MSP can help your business enjoy greater IT security without dedicating significant resources to continuous monitoring and response. Centre's secure managed service customers get a Dark Web report every month detailing email addresses and accounts that have been leaked to the Dark Web.

Additionally, Centre's IT security experts set up alerts for when an employee email address for a client has been involved in a recent breach. After confirming the correct email and password combination in the leak, Centre's team will notify the customer with a list of employees who have been compromised so they can change their password. 

COMMON QUESTION:

What should I do if I suspect a password has been compromised or believe it's been provided to another party?

 

ANSWER:

Immediately change your password for all accounts currently using the same password.

Password awareness and protection is one of the first and least expensive steps to greater data and business protection. Although it requires a continuous commitment, a unique password which is kept private and monitored for exposure is crucial to preventing data theft.  Moreover, prioritizing cybersecurity not only prevents business disruptions and unforeseen expenditures but also fosters greater trust between you, your fellow employees, and your customers. 

For more specific and thorough information on how your organization can improve its security posture and spread security awareness among employees, contact Centre Technologies. 


About the Author

Cybersecurity and Compliance

Organizations entrust Centre with protecting their technology ecosystem and strengthening their security posture. Centre’s cybersecurity and compliance solutions deliver layered IT security to protect businesses’ employees, customers, and content from known and unknown threats. Through employee awareness training, detailed security assessments, and 24x7 threat containment, Centre is a trusted partner for businesses seeking comprehensive network and data protection.
