Our thoughts on the future of digital innovation and the cloud.
Microsoft says:
With the increased use of cloud services and mobile devices comes an increase in the risk of security breaches and cyberattacks. Ransomware, phishing attacks, malware and other threats are becoming more frequent and widespread — making it more important than ever for organizations to understand their exposure to risk, password security, and the steps they need to take to stay secure.
The Invero perspective:
It’s critical to safeguard yourself and your company against phishing, ransomware, and other malicious threats. Any user, regardless how savvy, can be caught off-guard, because scams can be deceptively well designed. Once breached, a system can be costly to restore to regular use.
Statistics show that:
- The average cost of a data breach, per incident, is $4 million
- 81% of breaches involve weak or stolen passwords
- Over 250,000 new malware samples are created and spread daily, and
- 75% of users employ only three or four passwords across all their accounts
Password security is a key part of your safety infrastructure. Typically, it’s up to each individual to create and update passwords, and this itself isn’t a bad thing. However, it is nearly impossible to ensure each of your staff is using appropriate passwords for all the accounts they access. Yes, passwords, plural: that means a different password for every login.
There’s plenty of advice available about how to create a secure password. Traditionally this means using at least 12 characters, a combination of upper and lower case, and the inclusion of numbers and symbols. However, words and phrases that form the password should not be obvious or easily guessed. A string of four non-sequential words, like “building rain diamond monitor” could form the backbone of a password, because they don’t normally sit together as a phrase. And, of course, these should be updated frequently regardless.
With an ever-growing number of logins to keep track of, and the need for secure and oft-updated passwords, it can be tempting to rely on just a few. But this is a major weakness that malicious individuals can easily exploit.
Let technology help with password security
Fortunately, while technology includes vulnerabilities, it is also at the forefront of prevention and remediation. Few companies have the security knowledge and capability that Microsoft enjoys.
Deploying Office 365’s password security features is a built-in benefit that helps keep you and your business safe. It resists common attacks, contains breaches when they do occur, and, importantly, provides password security features which cascade down to its users.
Password security starts at the top
Readers of our blog know that we at Invero are ardent about cloud governance. It is vital to have a framework in place that both controls for cloud practices, and which can uncover efficiencies and other untapped value.
Password governance – to riff on the theme – is likewise highly important. Organizations should have a high-level policy and practice in place, which set the bar for best practice. From this, administrators can set appropriate parameters for users.
Surprisingly, common assumptions about good password practices are often incorrect. Password expiration requirements, mandatory long passwords, and multiple character sets may do more harm than good. Rather than create security, they instead push people toward predictable passwords which they are likely to remember. The trouble is, these passwords are also highly guessable and are more easily cracked.
Cyber criminals know this, so they run their dictionary attacks using the most common substitutions, “$” for “s”, “@” for “a,” “1” for “l”.
https://docs.microsoft.com/en-us/office365/admin/misc/password-policy-recommendations?view=o365-worldwide
There is another way
Office 365 encourages the adoption of Multi-Factor Authentication (MFA). This requires a second piece of information at login, in addition to a password. Users may be asked to enter an alternative email, a phone number, or a code sent by text to a personal device. This not only keeps the account much more secure, but helps to verify the user should they forget their password and require a reset.
MFA is just one way that Office 365 helps to keep your company’s password practices secure. As your trusted digital advisor, Invero can help you identify and establish specific best practices to keep your business secure.
Not sure if you’re secure? Take this handy quiz to find out.