
World Password Day: The Perfect Opportunity for a Security Check-up

Happy World Password Day! Learn why good password hygiene is important for every employee and how to reduce the risk of account takeovers.
May 4, 2023

Allow us to be among the first to wish you a Happy World Password Day!

Established in 2013 by Intel, World Password Day is observed on the first Thursday in May with the goals of raising awareness about the importance of good password hygiene and encouraging professionals to recognize the role that strong passwords play in securing their digital lives.

In honor of this important cybersecurity holiday, we’re answering a few important questions and sharing some valuable insights that we hope will help you improve password security in your organization and reduce your vulnerability to account takeovers.

Why is Good Password Hygiene Essential for Every Employee?

Employees at smaller organizations may assume that cybercriminals exclusively target large, multinational enterprises and therefore feel that adhering to password security guidelines can be less of a priority. In a similar vein, it’s not uncommon for employees at large, multinational enterprises to adopt an attitude of, “I’m one of 2,000. Why would a cybercriminal ever target me?” as a reason to be a bit more relaxed about password best practices.

Both assumptions are incorrect and put the company at risk of a cybersecurity incident.

Abnormal research as well as data from the 2022 FBI IC3 Report show credential phishing is the most common cybercrime for organizations of all sizes, across all industries. Additionally, while threat actors do often target specific roles within a business (such as executive team members and employees in the finance and HR departments), those are hardly the only employees who receive attacks.

In short, every employee at every organization is a potential target, which means every employee at every organization must prioritize good password hygiene.

What Are the Consequences of Poor Password Security?

At the heart of World Password Day is an emphasis on understanding that a single compromised password can cause a cascading effect with implications across the organization.

Consider the fact that 54% of all employees reuse passwords across multiple work accounts. If a threat actor successfully acquires one set of valid credentials, then in more than half the cases, they simultaneously have immediate access to several other portals or applications. This could result in instant access to private financial information and/or other valuable data—which can have particularly expensive ramifications. According to the IBM Security Cost of a Data Breach Report 2022, data breaches resulting from stolen or compromised credentials cost an average of $4.5 million. These breaches also had the longest lifecycle: 243 days to identify the breach, and another 84 days to contain it.

If the bad actor manages to gain access to an employee’s email account, they can easily reset passwords for almost every other account and work their way through the organization’s entire network. Poor password security can lead to attackers not only compromising business-critical systems and accessing sensitive databases, but also logging into collaboration apps like Slack, Microsoft Teams, and Zoom to launch additional attacks on other internal employees as well as vendors.

How Can Organizations Improve Password Security?

World Password Day is the perfect opportunity to discuss password security best practices with your workforce and identify ways to enhance password protection in your organization. Here are a few tips to reduce your vulnerability to account takeovers:

  • Enact strict password rules. This includes not allowing employees to reuse passwords, mandating regular password updates, and requiring passwords of an appropriate length with at least one upper and lower case letter, one number, and one special character.
  • Encourage employees to use a password manager. Employees often rely on simple passwords and reuse the same passwords because it’s more convenient. Providing an effective, user-friendly password manager that can generate and store strong passwords across devices offers employees the same convenience without the security risk.
  • Enable multi-factor authentication. To create even more obstacles between an attacker and unauthorized account access, ensure that multi-factor authentication (MFA) is enabled for all accounts. If possible, require employees to use an authenticator app like Google Authenticator or Duo, rather than relying on text messages as an authentication method.
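
An added example, not part of the original post or of any product: one way to enforce the first tip above when a user changes a password, rejecting candidates that miss a required character class or match a stored hash of an earlier password. The 12-character minimum, five-entry history and PBKDF2 round count are assumptions, since the post says only "an appropriate length".

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12          # assumption: the post says only "an appropriate length"
HISTORY_DEPTH = 5        # assumption: number of earlier passwords remembered
PBKDF2_ROUNDS = 200_000  # assumption: work factor for the stored hashes


def hash_password(password, salt=None):
    """Return (salt, digest); only this pair is stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_reused(password, history):
    """Re-hash the candidate with each stored salt and compare in constant time."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False


def policy_violations(password, history):
    """List every rule from the tip that the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    required = {
        "uppercase letter": str.isupper,
        "lowercase letter": str.islower,
        "number": str.isdigit,
        "special character": lambda ch: ch in string.punctuation,
    }
    for name, present in required.items():
        if not any(present(ch) for ch in password):
            problems.append(f"missing {name}")
    if is_reused(password, history):
        problems.append("reused")
    return problems


# Constructed sample: one earlier password, kept only as a salted hash.
SAMPLE_HISTORY = [hash_password("Spring2023!Corp")]

if __name__ == "__main__":
    for candidate in ("password", "Spring2023!Corp", "Tr4il-Mix&Granite"):
        print(candidate, "->", policy_violations(candidate, SAMPLE_HISTORY) or "ok")
```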

How Can an Organization Stop an Active Account Takeover?

Understanding the importance of password security and ensuring you have the proper procedures and processes in place can go a long way toward preventing attackers from compromising employee accounts.

Unfortunately, without the right technology, your organization is still at risk of experiencing account takeovers. And once a threat actor has compromised an account, they can remain undetected for months.

Traditional security solutions can’t effectively detect email account takeovers in progress because they lack visibility into identity, behavior, and device attributes that indicate an account has been compromised. However, Abnormal observes and baselines normal end-user behavior, allowing it to recognize anomalies in user locations, devices, email content, and mail rules. If the platform discovers an email account takeover attack, it automatically remediates the account by immediately signing a user out of all open sessions, blocking access, and forcing a password reset.

Abnormal takes account takeover protection one step further by detecting compromised user accounts across Slack, Microsoft Teams, and Zoom. Once a compromised account has been identified, Abnormal provides security teams with a detailed timeline of suspicious authentication activity across collaboration applications, enabling analysts to investigate further and coordinate remediation.


See for yourself how Abnormal can protect your organization from email and email-like attacks. Schedule a demo today.
