Cyber News Roundup: How Bad Passwords Can Foil Good Security

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

While companies of all sizes try to find ways to prevent cybersecurity breaches, the key aspect of protecting a company lies with its employees. According to Statista, cybercrime monetary damages totaled $1.33 billion in 2016.  To help combat this growing problem, the Forbes Technology Council offered seven tips for how to tackle this ongoing issue.

  • Establish Awareness: Create cybersecurity awareness programs that include frequent employee training and regularly updated rules and processes for employees to follow.
  • Treat Data Seriously: Implement policies and procedures for protecting valuable customer data to create a culture of compliance.
  • Make It Personal: Protecting customer and partner data is very important, but treating employee information securely makes employees feel that they are valuable to the company.
  • Make It Easy: A large portion of the today’s workforce has grown up surrounded by easy-to-use technology and cloud-based applications. Make sure that your company’s technology is easy to use.
  • Improve Understanding: Design training programs that teach employees the importance of using cybersecurity procedures and the impact that cyberthreats can have on both the company and the employee.
  • Give Employees A ‘Why’: Explain to employees that implementing and adhering to cybersecurity policies helps prevent the spread of cybersecurity breaches.
  • Articulate Clearly: Incorporate employee feedback before implementing cybersecurity policies. These policies will impact the employees on a daily basis and it’s important that the company empower employees to contribute to the safety policies.

No more using “password” as a password

California has passed a new law that bans default passwords in all consumer electronics starting in 2020. That means that all new electronic devices that are built in California has to come with increased security features. That means no more “admin,” “1234,” or “password” can be installed as a default password.

According to TechCrunch, all new devices must “contain a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.” This means that customers must create a new password the first time that the new device is turned on.

Keep passwords to yourself

Dark Reading reported that, on average, employees share six passwords with co-workers. Worse yet, half of the employees reuse passwords among work and personal accounts.

However, there is some good news in the report. “Forty-five percent of businesses are using multifactor authentication (MFA), up from 24.5% last year, according to a study by password manager LastPass of 43,000 organizations that use its service. Some 63% of organizations that employ MFA are in the US.”

It’s also worth noting that passwords might become a thing of the past. ZDNet explained that Microsoft has declared the “end of the password era” by bringing its Authenticator sign-in app to the enterprise with support for the Azure Active Directory (AD) identity management service.

According to Rob Lefferts, Microsoft corporate vice president of security, “Using a multi-factor sign-in method can reduce compromise by 99.9 percent, and you can make the user experience simpler by eliminating passwords.”

Cyber Oregon partner blog post of interest