As many as one in five passwords used in business are unsafe because they include the name of the company or organisation, cybersecurity research has suggested.
The findings come from new research by Acronis, a data protection and cybersecurity specialist. The organisation analysed cybersecurity incidences and estimated that four in five companies do not have an established password policy and 15-20% of passwords used in the business environment include the name of the company or organisation; both of which are poor cybersecurity practices. Of the 80% of organisations that do have a password policy, the researchers found many rely on default passwords – and up to 50% of those are categorised as weak.
The company announced its findings on European Data Protection Day to alert organisations that immediate action is needed to avoid costly attacks.
“[Organisations] need to enact stronger safeguards for remote workers” – Candid Wüest, Acronis
Remote workers could pose more cybersecurity risk to an organisation than office-based workers, particularly if relying on home devices. Password stuffing was the second most used cyberattack last year, just behind phishing scams, which utilise email messages from rogue agents.
“The sudden rush to remote work during the pandemic accelerated the adoption of cloud-based solutions,” said Candid Wüest, vice-president of cyber-protection research at Acronis. “In making that transition, however, many companies didn’t keep their cybersecurity and data protection requirements properly in focus. Now, those companies are realising that ensuring data privacy is a crucial part of a holistic cyber protection strategy – one that incorporates cybersecurity and data protection – and they need to enact stronger safeguards for remote workers.”