Cybercriminals Are Always One Weak Password Away From Cracking Your Company’s Digital Assets

An enterprise’s networks are only as secure as the habits of its most careless employee, meaning comprehensive cybersecurity education is a must.

Given the finding that an overwhelming 96% of mobile devices ship without strong end-to-end encryption, it is hardly an exaggeration to say that enterprise IT teams in the era of BYOD policies face threats from all sides.

The Houston Astros learned this the hard way beginning in 2013, when an intrusion by one of their rivals, the St. Louis Cardinals, cost them an estimated $1.7 million in damage. The Cardinals didn’t hire some cybercriminal mastermind to do their espionage. Rather, Christopher Correa, a member of the team’s front office, was able to pull a wealth of proprietary statistics, scouting reports, and player analytics data out of the Astros’ systems thanks to an all-too-common cybersecurity pitfall: a predictable password, a variation of one a former Cardinals employee had used before moving to Houston.

Stories like this make it clear how challenging the job of enterprise IT teams really is. No matter how much you invest in network security, no matter how tightly you lock down each of your endpoints, all that work can easily be undone by a single careless employee.

Conveniently Insecure

In a now-infamous 2009 report, Gartner lamented, “Despite widespread security concerns, consumers continue to rely on service providers to protect their safety and persist in using unsafe password management practices, preferring to maintain the status quo rather than exploring new security methods.”

Companies that believe people show better cybersecurity habits in the workplace than they do at home are sorely mistaken. Whether at home or in the workplace, convenience trumps security for the vast majority of Americans: “123456” and “Password” rank as the most commonly used passwords year after year.

And while IBM’s recent Future of Identity study suggests that workers have made slight improvements to their online behavior in the decade since the Gartner report, it also reveals a range of concerning trends. For instance, only 42% of millennials — who by some tallies already comprise nearly half of the American workforce — use complex passwords featuring numbers, letters, and special characters. Baby Boomers, on the other hand, are not only more likely to use complex passwords (49%), but also use an average of twelve distinct passwords. That’s more than twice the average among millennials and Generation Z.

Strengthening Weak Links

The prevalence of poor password practices is certainly frustrating for cybersecurity professionals, but there are a number of steps that enterprise IT teams can take to reduce the cost of data breaches or, even better, prevent them altogether.

For example, according to the Ponemon Institute’s 2015 Cost of Data Breach Study, extensive use of encryption across an enterprise is associated with a per-record breach cost that is $12.00 lower on average. Similarly, having a Chief Information Security Officer (CISO) in place is associated with a $5.60 per-record reduction, and comprehensive employee training with an $8.00 per-record reduction. These are averages drawn from breaches that did occur, so they measure how much each factor tends to blunt the damage rather than guaranteeing a saving.

This final measure is perhaps the easiest to introduce, and is therefore something that every enterprise should consider. At the end of the day, effective cybersecurity comes down to people, and the fact of the matter is that most people are not going to follow cybersecurity best practices unless they’re trained to do so.

That said, enterprise cybersecurity teams shouldn’t shy away from accommodating their workforce’s preferences where they can. For instance, millennials are far more open to password alternatives like fingerprint readers than older generations, and cybersecurity teams should be willing to establish procedures for such alternatives soon. Doing it properly matters, though: a fingerprint should unlock a credential stored on the user’s own device rather than be shipped to a central server as a shared secret, because unlike a password, a compromised fingerprint can never be rotated. As long as that is observed, there’s no harm in meeting employees halfway.

The Wisdom of Outsourcing Cybersecurity Training

For many corporate IT teams, the only things preventing them from providing adequate cybersecurity training are time and know-how. Fortunately, there’s an easy way around both of these issues: managed IT services.

In addition to offering an enterprise the staffing and expertise of a top-notch team of network engineers at a price point well below the payroll of a similarly well-qualified in-house staff, managed IT services providers like Turn-key Technologies can provide comprehensive, ongoing training to employees new and old.

Best practices evolve quickly in the world of cybersecurity, and in many cases it’s simply unreasonable to expect your in-house IT team to keep pace with these developments themselves, let alone educate non-technical staff in real time. As such, delegating employee training to an outside partner is not only the easiest, but often the most practical way for enterprises to ensure that the weakest link in their cybersecurity chain is strong enough to withstand the threats it faces on a daily basis.

By Craig Badrick

03.20.2018
