Small Business Password Report
On World Password Day, the Australian Cyber Security Centre and Cyber Wardens have teamed up to remind small business owners everywhere to lock their digital doors and create strong passphrases that keep cyber criminals out.
Passwords and passphrases are the first line of defence in keeping your business safe. If cyber criminals crack your password, they’ve got the keys to your business. They can steal your hard-earned cash, redirect invoices to their own bank account, access your confidential information or commit fraud by pretending to be you.
With so much at stake, it would be easy to assume that everyone knows and practises good password hygiene. But new research shows Australian small businesses have a long way to go to ensure their passwords are as safe as they could be.
A survey of more than 2000 small business owners and their employees shows that one in two has basic password vulnerabilities:
- Only 54% of businesses consistently avoid sharing passwords
- Consistent use of Multi-Factor Authentication (MFA), where a second step of verification is required to access accounts, only happens 53% of the time
- One in 5 never use a password manager or are unsure.
Password processes matter
The research shows that how your team manages passwords is very important. We need good processes to make sure everyone is cyber-safe, but in-person workers and casual workers need extra support to follow best practice. Here’s why.
In-person workers and password management
The temptation to share passwords on post-its, or just shout them to the cubicle next door, is one that in-person workers may struggle with. The survey also found that in-person working can create increased cyber risk around password security.
WHAT TO DO ABOUT IT:
- Cyber Wardens can do a quick physical audit of the office space to ensure no passwords are displayed on post-its attached to monitors.
- Include posters prompting cyber-safe password processes near workstations. We will be releasing a kit later in the year. Sign up to be the first to get it.
Casual workers and password management
WHAT TO DO ABOUT IT:
- Ensure your casual team members have the skills and tools to keep your business cyber-safe. Consistency is key, so set clear password policies and ensure everyone, casual or permanent, sticks to them.
- Regularly audit your user accounts to ensure casuals who are not actively working for you have been removed from the system. This protects your business and may save money as well.
Improving your small business password skills
So, how can you upgrade your password skills?
1. Sharing is not caring
Don’t share passwords between programs and don’t share them between team members either.
2. Upgrade from a password to a passphrase
Update your passwords to a random combination of words called a passphrase. It’s easier to remember and tougher for cyber criminals to crack. For example, “crystal onion clay pretzel”.
3. Add a virtual deadbolt to your doors
PRO TIP: Don’t forget, it’s important to roll out MFA for all of your team members and accounts.