Meet the Challenge of World Password Day
The best and most expensive cybersecurity tools all have the same weakness: a password. If the password stays known only to its user, it works well to protect information and systems.
Unfortunately, users make a lot of mistakes with passwords that can create devastating consequences for organizations. When hackers destroy and steal because of user ignorance, the organization will still carry the blame publicly. While it may seem unfair, this reality is grounded in consumer expectations.
Raising awareness and increasing education today with World Password Day is an important piece of the security puzzle, but organizations must put actions behind words to protect their reputation. We learned in FleishmanHillard’s latest Authenticity Gap Study that consumers want to see companies take a stand and demand action on data privacy and security issues.
The various recommended actions for World Password Day mostly focus on actions users can take. These actions don’t fully reflect the responsibility users and organizations share in fighting hackers. Organizations trust users to be good stewards of their system access by setting unique passwords and not clicking strange links. More importantly, users expect organizations to have advanced security policies and programs to protect them.
Organizations that fail to understand and meet stakeholder expectations on data privacy and security will be doomed to maintain confidence in the case of a crisis. Here are some ways organizations can put World Password Day best practices to work to close the authenticity gap.
- Strong Password: Going through a database to scrub all the “password123” might seems simple, but strong security means not allowing that information to be visible to employees. Instead, think about extending the required length and complexity of a new password to stop hackers from using computer programs to guess what it is. Also, strong passwords can be stolen when users visit unsecure sites, open suspicious emails or don’t keep their antivirus software updated. By monitoring your network for computer programs that are making high volumes of login attempts or expiring old passwords, your organization can go a long way to improve security.
- Opt-in to Multi-Factor Authentication: Identities are difficult to determine virtually but having an additional layer of verification beyond a password can help. At the rate passwords are stolen, multi-factor authentication should be required for higher risk interactions or transactions. When you look at sites like Two Factor Auth, there appears to be room for organizations to improve here. The challenging part is two-factor authentication may not be enough to stop hackers.
- Password Party: While hanging out with your friends to talk about passwords is the definition of a good time, what’s cooler is when organizations audit and test how they verify identities to see how they match up to peers. The review should also include partners that have access to your information or network. This exercise will help fix weakness that can be exploited by hackers and written about by reporters.
Cost and inconvenience are the biggest challenges to justifying these types of security improvements. These barriers to better security may be impossible to overcome unless leaders in your organization can clearly and simply communicate the need internally. Organizations that regularly communicate on privacy and security are better shielded from reputational risks and can make the business case to invest in better security.
Use World Password Day as an opportunity to start a conversation in your organization and help it live up to the expectations of your key stakeholders each day.