Regarding Security Breaches and Passwords

Two of the most frequently asked questions that come across my desk are “Do I need to worry about the ‘fill in the blank’ security issue I saw on the news this week?” and “Why do you IT guys always make such a fuss about passwords?” The two questions are more closely related than you may think.

Frequently, when a security breach occurs, email addresses, passwords, and other sensitive data are made available on the internet. Security firms get their hands on this data and can run statistical analysis on it; the results are terrifying. According to the firm SplashData, 10% of all users use a password that appears on the list of the 25 most frequently used passwords. The 5 most frequently used passwords from their 2018 list are as follows:

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345

As if the above information weren’t bad enough, many users use the same email address and password for multiple accounts at various places on the internet.

Let me run through two scenarios of what commonly occurs:

  1. Joe works for ABC Co. and his email is Joe sets up the password “123456” for his account. Someone attempts to hack Joe’s account and uses the top 25 password list. The hacker gets into Joe’s account with almost no effort.
  2. Fred works for ABC Co. and his email is Fred uses the password “Sunny2019Vacation.” Fred knows his password is strong, so he uses the same password for his Netflix account, his Bank account, and his Equifax credit service account. Hackers breach his bank, and now know that has a password of “Sunny2019Vacation.” The hacker gets into most of Fred’s accounts.

Back to the questions from the start of this blog. “Do I need to worry about the ‘fill in the blank’ security issue I saw on the news this week?” The answer to this is yes, you should be worried! If you want to protect yourself and your firm against the security issue, make sure you listen to your IT guy who makes a fuss about passwords. Ensure your users are using long passwords or passphrases, and make sure they are changed on a regular basis. Longer passwords/passphrases rarely show up on frequent password lists, and changing your password frequently ensures that should a breach happen elsewhere, you will have already changed your password.
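The sketch below is an added example, not part of the original post: a check an administrator could run when a user sets a password. It covers both scenarios above, rejecting simple variants of the five common passwords and any password whose hash appears in breach data. The 14-character minimum, the function names and the sample breach set are assumptions made for illustration.

```python
import hashlib

# The five most common passwords quoted in the post (SplashData, 2018).
COMMON_PASSWORDS = {"123456", "password", "123456789", "12345678", "12345"}
MIN_LENGTH = 14  # assumed policy value; the post only says "long"

# Undo common character swaps so "p@ssw0rd" is compared as "password".
_SWAPS = str.maketrans({"@": "a", "0": "o", "$": "s", "3": "e", "1": "l"})


def sha1_hex(password: str) -> str:
    """Digest used only to look a password up in breach data, never to store it."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed sample: stands in for a set of digests taken from breach dumps.
# It holds Fred's password from scenario 2, leaked when his bank was breached.
BREACHED_SHA1 = {sha1_hex("Sunny2019Vacation")}


def variants(password: str) -> set:
    """Lower-cased forms with trailing digits/punctuation and swaps removed."""
    lowered = password.lower()
    stripped = lowered.rstrip("0123456789!.?")
    return {lowered, stripped,
            lowered.translate(_SWAPS), stripped.translate(_SWAPS)}


def screen_password(candidate: str) -> list:
    """Return the reasons a password is rejected; an empty list means accept."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    if variants(candidate) & COMMON_PASSWORDS:
        reasons.append("common")       # scenario 1: Joe's "123456"
    if sha1_hex(candidate) in BREACHED_SHA1:
        reasons.append("breached")     # scenario 2: strong but reused and leaked
    return reasons


if __name__ == "__main__":
    for pw in ("123456", "P@ssw0rd1", "Sunny2019Vacation",
               "correct horse battery staple"):
        print(f"{pw!r}: {screen_password(pw) or 'accepted'}")
```

Fred's password passes the length and common-password checks and is rejected only because its digest is in the breach set, which is why a length rule alone does not cover reuse.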

Have other IT issues at your organization or need a deeper security conversation? Let’s chat!

February 15th, 2019 | Security, Technology

About the Author:

Carl Miller
Carl Miller is a Senior Engineer on the Network Operations Center team. In addition to being a high-end technical resource, he configures and manages the technology that automates tasks and prevents issues with our managed services and managed hosting clients. Carl has numerous industry certifications and 19 years of experience in the IT industry.