Still Using Weak Passwords? Do This Instead.
Public entities possess hundreds of thousands of records containing personally identifiable information on their constituents. Creating strong, unique passwords provides a crucial defense from identity theft and financial fraud for municipalities.
Although widely known as the first line of defense in avoiding cybercrime, passwords have long been firmly established as the weakest link in public entity cybersecurity protocol. Poorly managed passwords remain the most significant and preventable threat to your public entity’s security posture due to the unfortunate reality that people continue to use weak login passwords. To make matters worse, these same passwords are often used across various devices, platforms, and websites. In these cases, by hacking one password, cybercriminals effectively open the doors to your entire digital ecosystem.
Passwords are often the only barrier between a public entity and personal information. While there are several programs that cyber threat actors use to ‘crack’ passwords, choosing strong passwords and keeping them secure can make it more difficult for bad actors to gain unauthorized access to sensitive data.
And as much as we try to convince ourselves that our passwords are impenetrable, professional hackers use tools and tactics to help unveil them in seconds. Weak password security can lead to data breaches, identity theft, and even computer hijacking, allowing criminals to access and exploit your entity’s personally identifiable records.
Are you still using your cat’s name, followed by an exclamation point, as your password? Do you use the same password for a variety of logins? If so, it’s time for a change. And when it comes to protecting yourself, your colleagues, and the community you serve, there’s no better time than the present.
Four easy steps to becoming a Password Pro:
- Keep it complicated. Consistently updating passwords containing more than ten characters, with a mix of letters, numbers, and symbols, can help significantly reduce your risk of being hacked.
- Don’t make it personal. A study conducted by Morris and Thompson in 1978 demonstrated that it is easier to guess passwords through personal information (family members’ names, birthdays, home addresses, etc.) than to decipher them.
- Use random passphrases. A passphrase (e.g., “memo-tiger-thread-glue-button” or “Isn’t that quarterback the best in New England?”) can be easier for you to remember but more difficult to hack. The key to creating solid passphrases is randomness.
- Get Creative. Consider using phonetic replacements, such as “ph” instead of “F.” Use an exclamation point (!) to replace the letters (I) or (L), or make deliberate misspellings, such as “enjin” instead of “engine.”
- Get password (and cyber) smart. The helpful tips above are examples of the initial steps you can take to protect yourself, your colleagues, and your community against cybercrime. CIRMA’s member-exclusive Cyber Webinar Series offers contextual scenarios and the latest information on successfully managing password security best practices. Sign in to CIRMA e-learning to access this valuable member benefit, or contact us to get started.
Most of our professional and personal business is conducted online, and maintaining strong and secure passwords is crucial to mitigating cyber-related risks and exposures. Training and education remain the most effective defense against cybercrime, and knowing how to protect yourself and your organization is easier than ever. Learn at your own pace and when and where you choose with CIRMA’s e-learning resources, 24 hours a day, seven days a week.
If you haven’t taken advantage of the many benefits available through CIRMA’s e-learning platform, contact your local CIRMA Risk Management representative today to get started. There is no additional charge to CIRMA members or their employees for this service.
Check out CIRMA’s Cyber Center to learn how CIRMA can help your organization prevent and manage cyber exposures.
Cyber Resources Created for CIRMA Members: