How Small and Mid-Sized Businesses are Faring in the Cybersecurity Landscape
When threat actors go looking for a lucrative score, they pursue many types of data. Some focus on bank details or credit card numbers, while others zero in on medical information or other personal details. But according to the Verizon Data Breach Investigations Report (DBIR), credentials—typically pairs of usernames and passwords—are one of the most sought-after targets.
Many large organizations have financial resources and IT teams to help protect their networks. But, for small and mid-sized businesses, the time and money needed for cybersecurity initiatives don’t exist on the same scale. As data breaches continue to rise and new types of cyberattacks seem to be around every corner, what should SMBs be doing to stay safe?
Mike Greene writes that in terms of priorities, there are a couple of challenges that SMBs consistently face.
Aged Password Habits
One issue is password policies. The vast majority of people regularly re-use passwords. When users have many accounts to juggle, they typically choose passwords that are easy for them to remember. In practice, users settle on one root password that they favor and then make slight variations on it for other accounts, personal and professional alike. For example, they might choose an initial password like “MovieLover” and then alter it to “M0vieL0ver” or “movielover2021”. This makes the password easier for the user to remember, but it also makes it easier for threat actors to guess. If any of those credentials have been exposed in a previous breach, the variations practically hand cybercriminals a shortcut.
Stuck Using Default Passwords
Small and mid-sized businesses are well-positioned to be the first real adopters of IoT devices. Many pieces of technology within that category can help SMBs reduce internal costs, increase their productivity, and streamline customer service. However, as the number of connected IoT devices climbs, security conversations must evolve. At the moment, many IoT devices are shipped with a ‘default password’ that users are expected to change manually before deploying—and unfortunately, very few actually do change the credentials. Leaving those defaults in place is an easy way to leave your professional devices completely unsecured.
Not Knowing Which Authentication Method to Use
In examining these common habits within the SMB sector, one point stands out: there is no substitute for securing the password layer. As welcome as additional authentication strategies and re-written policies are, if businesses aren’t locking their metaphorical front doors, they’re still at massive risk of a break-in.
Businesses need to move quickly and establish good password security because passwords are here to stay. The high standards set out in the NIST guidelines are a great place to start. A quick glance through the guidelines will show that one of the most transformative strategies is to screen for compromised credentials.
Screening for compromised credentials is a defensive strategy that addresses the issue directly. Using an automated screening service that continually checks passwords—at the moment a new password is created as well as on an ongoing basis—is also one of the most cost-effective strategies. It takes the pressure off employees to create massively complex, unique passwords for each account, and because the service is automated, it doesn’t drain time and resources away from other important aspects of the business.
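As an added illustration (not code from the article or from Enzoic's product), the Python check below shows what creation-time screening looks like in practice, and why it catches the root-password variants described in the password habits section: a candidate password is normalized back to its likely root (case folded, common character substitutions undone, trailing digits stripped) and each form is looked up in a breached-password list. The breached list, the substitution map and the function names are constructed placeholders for this example.

```python
import hashlib
import re

# Constructed stand-in for a compromised-credential feed: SHA-1 digests of a
# few known-breached passwords. A real service holds billions of entries.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("movielover", "password", "letmein", "qwerty123")
}

# Substitutions users commonly apply to dress up a root password.
LEET_MAP = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}
)


def root_forms(password):
    """Return the candidate plus the variants that screening should normalize away."""
    lower = password.lower()
    forms = {password, lower, lower.translate(LEET_MAP)}
    # Drop a trailing run of digits or punctuation such as "2021" or "!".
    stripped = re.sub(r"[\d!?.@#$%^&*_-]+$", "", lower)
    forms.add(stripped)
    forms.add(stripped.translate(LEET_MAP))
    return {f for f in forms if f}


def is_compromised(password):
    """True if the password, or a trivial variant of it, appears in the breached set."""
    return any(
        hashlib.sha1(form.encode()).hexdigest() in BREACHED_SHA1
        for form in root_forms(password)
    )


def screen_password(password, min_length=8):
    """Creation-time check: minimum length plus compromised-credential lookup."""
    if len(password) < min_length:
        return False, "too short"
    if is_compromised(password):
        return False, "matches or is a trivial variant of a breached password"
    return True, "ok"
```

The same `screen_password` call can be re-run on stored hashes when the breached list is updated, which is the ongoing screening the paragraph refers to.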
Depending on both the size of your business and how integrated your services are into the digital landscape, it’s important to find solutions that fit your company and team. With a dynamic, customizable credential screening service like Enzoic, you’re off to a strong start.