The £2.5 Million Reason Why You Shouldn’t Reuse a Password

Thinking of strong, secure passwords for each of your online accounts can be tricky. Remembering them can be just as irritating. That’s why so many of us choose to use the same, simple password for everything. Something like ‘password123’. But weak passwords like this are easy for hackers to steal. When they are stolen, the consequences could cost your business millions of pounds. It’s not just a scare story. This sort of thing does happen. A few years ago, an American tech company had 60 million of its users’ information stolen by cybercriminals. The source of the hack was a weak, reused password. This situation could have easily been avoided. There’s a tool which can help you to make and manage strong passwords. When you use it, your chances of being breached drop considerably. So, who was this company? And what are the specific costs tied to a data leak? Let’s find out.

60 Million Dropbox Users Agree: Don’t Reuse Passwords

You may have heard of Dropbox. They make software that enables people and businesses to store and share documents online. It’s convenient. However, it means a lot of people storing sensitive information in their accounts. You can imagine the panic and disaster that would come with a data breach. Which happened in 2012. 60 million users had their emails and passwords leaked. All because of reusing a password. One of Dropbox’s employees had their LinkedIn details stolen which they also happened to be using for their corporate account. Using these details, the hacker accessed the network and seized a document containing the emails and passwords of 60 million users. Scary. The company has boosted its security standards since then, of course. They encourage their staff to use different passwords for each of their corporate logins. They use two-factor authentication, which requires users to prove who they are with at least two pieces of information. And they advise their employees to keep their strong passwords in a password manager (something we’ll get to later). But this incident does highlight the danger of reusing passwords. While this story is about one company, their situation is by no means isolated.

The High Cost of Data

In 2017, the communications company Verizon published some concerning figures in its annual Data Breach Investigations Report. 81% of hacks can be traced to weak and stolen passwords, and 70% of employees admit to reusing these. In the same year, it was reported that recuperating from a data breach could cost a UK business up to £2.5 million. The General Data Protection Regulation (GDPR), which was introduced in May 2018, only makes the consequences more severe. Using data irresponsibly can see companies fined £18 million or 4% of their annual turnover, whichever is higher. Read more: how GDPR compliance can benefit small business infrastructure Despite this, lots of people will stick to using short passwords that are easy to remember for all of their accounts. After all, coming up with strong passwords is tough. Right? It doesn’t have to be. In fact, there’s a tool that can help you to create and manage strong, secure passwords. It’s something Dropbox started using after their data breach nightmare. What is it? A password manager.

What is a Password Manager?

A password manager is a tool you can use to create and store strong passwords for each of your online accounts. Think of everywhere you’re using passwords right now. This may include your:
  • Email
  • Drive and documents
  • Business bank account
  • Customer records
  • WiFi network
  • Website backend
  • Mobile phone
Read more: social engineering red flags to watch out for in any email You may have more. If you’ve bought something for your business online, you’ll probably have created a new account each time you’ve done this. Use the same password for any of these, and a hacker could easily infiltrate all of your accounts. So having a tool that helps you to create and manage secure passwords is handy. Especially when you consider that you can do this for every account you keep. Even if you don’t want to use a password manager, there are a few do’s and don’ts you can use when coming up with and managing your passwords.

The Do’s and Don’ts of Passwords

Do:
  • Use 10 characters or more. The longer a password is, the harder it is to crack.
  • Make them complex. Use a combination of upper and lower case letters, numbers and symbols. Something like ‘H6l10ev6y1ne@wOrk!’.
  • Use mnemonics. This is where you turn a sentence into a tough code. So, ‘I like IT support’ might become ‘1.Lice.1t.Zu990Rt.’.
  • Combine random words together. For this one, you need to think of words that have absolutely nothing to do with each other. ‘fishmonger glass overdraft screwdriver’ for example.
  • Change your passwords at least once every six months. This will help you to reduce your chances of being hacked.
  • Change your password immediately if you suspect it’s been compromised. Don’t spend any time waiting or thinking about the likelihood of this happening. Just do it.
  • Encrypt all of your documents. This scrambles the data so that only users with a password, set by you, can read it.
Read more: how to encrypt your Office 365 emails and documents Don’t:
  • Repeat, or use any part of, your username in your password.
  • Use any personal information, including that of yourself and your friends and family. That includes pets.
  • Use numbers or letters in simple patterns, like ‘123456’ and ‘abcdef’.
  • Combine obvious words together, like ‘Hello there’. Substituting some of the letters with numbers – such as ‘Hell0 there’ – won’t help much either.
  • Use either of the last two methods in reverse order.
  • Have a blank password.
  • Write them down on paper anywhere. A strong password becomes weak if anyone can easily see it.
  • Share them with anyone, no matter how much you trust them. And don’t share them in emails or messaging apps either.
  • Store them in your web browser’s save history. Often, a pop-up window will ask you if you want to do this. Say no each time.
  • Type your password into a device used by someone else. If your password gets saved there, they’ll have access to it.

Summary

Reusing the same, weak passwords for each of your online accounts is a dangerous gamble. While it’s always the easier, more convenient thing to do, this comes with a high cost if you’re breached. After password reuse lead to Dropbox losing 60 million of its users’ information, they took big steps to improving security standards in their business. One of the actions they took involved using a password manager. This can help you to easily make and manage strong passwords for all of your online accounts. Using the same one over and over means a hacker can easily access any of these by getting their hands on just one set of your details. Even without a password manager, you can follow some simple best practices for making more secure passwords. This includes:
  • Using lots of characters, which are complex and random.
  • Changing them at least twice a year.
  • Changing them right away if you suspect you’ve been breached.
For more advice on cybersecurity, download a copy of our quick guide. It can show you how to make your business safer in minutes.