Password Reuse and Cybersecurity Awareness
Forbes writes that in our current BYOD (Bring Your Own Device) world, cybersecurity awareness among an engaged workforce is necessary to navigate safely. Indeed, both increased savvy and new technologies together offer the best way forward against an ever-changing landscape of risks.
The bearing this view might have on another recent story is interesting. A new study from Microsoft has identified a whopping 44 million Microsoft and Azure cloud account holders using passwords compromised in data breaches. The main question this raises, of course, is how many of these users were aware of this fact. Password reuse is a common problem, behind the theft of countless credentials that eventually lead to a data breach. There’s no mystery to it: with so many accounts and apps, it can naturally be easier to reuse passwords. It becomes worse if people reuse passwords they know have been compromised. In this instance that would be purely hypothetical, but it wouldn’t surprise me if there was some not-insignificant number of users who did so. Hopefully the technical know-how needed for healthy cybersecurity practice isn’t at that low a level.
Upon discovery of the compromised credentials, Microsoft forced a password reset, along with recommending multifactor authentication (MFA) for security purposes. This goes back, however, to good cyber habits among employees. According to Martin Gallo at SecureAuth Corp., MFA is not catching on as quickly as it should. A perception of business disruption and slowdown often prevents people from adopting the method. “Hopefully this report from Microsoft’s threat research team will be the wake-up call that organizations need to take passwords out of the equation.”
But the real disruption comes from not being prepared. All the more so when a BYOD or remote work policy is in play. The lines between business and personal systems blur, and the digital actions people take become magnified in their potential repercussions.
This is why education is so important. More entities need to grasp that. It’s why so many of these analysts urge proactive measures like training, incident response planning, and collaboration at all levels of an organization, so that no one team is trying to handle this on its own. The goal, after all, is not to be caught sitting on your hands when the time comes. If the people in your organization have a clear understanding of their roles and responsibilities, you will be that much better off.