A Russian hacking ring called CyberVor, as named by Hold Security who discovered the hack last week, has your passwords or at least there is a good chance they do.
As reported in the news, more than one billion online credentials have been collected by hackers in Russia, the largest collection of known stolen passwords to date. This security breach comes on the heels of several high profile cases earlier this year.
So how does this impact you or your business? Considering that most people use the same password for everything, if ever there was a time to review your password policy, now is that time. As I mentioned in my blog back in April about the Heartbleed security vulnerability, people should assume that their accounts may be compromised.
It shocks me that many businesses do not have a requirement to change passwords on a regular basis. The most common response I hear is that it is a hassle to try and remember a new password. Believe it or not, I’ve even heard that “our employees will revolt,” or “some people here have trouble remembering passwords.” Seriously? Why not just remove passwords altogether because without changing passwords regularly, your data is as secure as your money would be leaving it in a gym locker instead of a bank vault.
According to the Ofcom’s Adults’ Media Use and Attitudes Report 2013, 55 percent of adult internet users admit they use the same password for most, if not all, websites. What this means is that if Bill at the end of the hall is using the same password at work that he uses to shop online, his work password to your company data is now compromised as well.
Most of us feel that our data is safe if we don’t shop or bank online, however, this is a precarious position to take. Nearly all sites require some sort of login these days. Do you have a personal email account? A password is required. Do you use Facebook, Twitter, LinkedIn or any other social media site? A password is required. Most users log into websites every day and don’t realize the risks of repeating passwords. We also use the same usernames and in many situations we use our email address as the username. All of these scenarios put our data at risk.
Here are four tips to strengthen your passwords by Morgan Korn, Yahoo Finance:
- Get a good password manager
- Perform a password audit
- Search your email for history of password resets
- Wall off critical accounts
If your business isn’t enforcing a password policy that requires complex passwords that change throughout the year, your network is at risk. If you don’t have a written policy that instructs employees to use a unique password at the office, then your network is at risk. I encourage you to act now before you become part of the never-ending newsreel of victims getting hacked.
Be safe, plan and stay vigilant.