WHY THEY ARE IMPORTANT

Businesses continue to fail to set strong passwords, and as a result, 80% of hack-related breaches are through stolen passwords or weak and guessable passwords.¹ 59% of small businesses continue to have no visibility into employees’ password practices.² As a result, employees fail to use strong passwords or they share passwords with others. Another prevalent problem is that sixty-eight percent of small businesses do not strictly enforce password policies. Thus, employees dismiss the importance to follow password polices. However, small businesses are strongly recommended to enforce password policies, for it is one of the cheapest solutions to strengthen security measures against cybercriminals.

Strong passwords should include the following:

Minimum requirements:

• 8+ characters in length,
• Mix of upper and lowercase letters,
• One symbol (e.g. !, @, #, $, etc.),
  
• Change passwords every 60-90 days;

Ideal requirements:

• Using a pass phrase rather than a password,
• 14+ characters in length,
• More than 1 symbol,
• Using spaces in pass phrase (spaces are occasionally overlooked by password cracking tools),
• Change password every 30-60 days,
• Using symbols not common on keyboards,
• Using 2-step authentication, which thwarts password cracking attempts as cybercriminals must essentially have two passwords to access an account;
  

Remember: do not use default passwords. It makes it much easier for cybercriminals to crack an account’s password. Using easy-to-guess passwords are not enough to fully protect an account. Try to implement multi-factor authentication into payment card processing networks too, whenever possible. This might make cybercriminals rethink their hacking attempts, or just move on to the next victim. If a simple password and username is your only line of data defense, then you are certainly not doing everything you can to stop cybercriminals. Multi-levels of strong security measures are the best way to go.

Sources:

1. “80% Of Data Breaches Use Compromised Passwords.” SecureLink, 10 Dec. 2020, www.securelink.com/blog/81-hacking-related-breaches-leverage-compromised-credentials/.
2. “Six BYOD Security Best Practices for Small Businesses.” Select Communications, 22 Mar. 2018, selectcommunications.com/six-byod-security-best-practices-small-businesses/.