The Business Costs of Compromised Passwords

The dangers of using passwords as a means of authentication cannot be overemphasized. According to reports by IT Governance, poor password behavior is the number one cause of data breaches. Despite this, passwords are still very common in the average person’s personal and work life.

Passwords are difficult to manage and bad password habits are easy to develop because of how difficult it is to store multiple complex passwords. They are also very insecure because passwords are just too easy to guess, hack or intercept and what’s more, the legacy of bad password habits; reusing and sharing online credentials, is leading to constant cybersecurity attacks of both people’s personal accounts and enterprises.

The consequences of a cybersecurity attack from a leaked, stolen or shared password could be disastrous; a hacker could launch a highly sophisticated attack on you or your business,  causing serious short-term and long-term damages. This could lead to serious financial and legal implications and, in a worst-case scenario, a malicious attack could even sabotage your business and its operations to an extent that it may never be able to recover.

According to a 2019 password usage study, a study that involved analyzing data from over 500 American and Canadian full-time workers, about 72% of people surveyed reuse an old password when forced to change to a new one and 78% percent of them forgot their passwords in the previous 90 days.

This can be said to be as a result of the overwhelming number of passwords users have to manage because the study further showed that over 37% of respondents have over 20 passwords in their personal life, which in most cases is too much to manage effectively.

There are a lot of negative implications that come with your business’ security being compromised as a result of poor passwords, some of which are discussed below.

On average, cybersecurity attacks in 2017 alone cost enterprises $1.3 million and $117,000 for small and medium scale businesses to repair hardware and software. A data breach can also lead to legal consequences for your company if data leaked belongs to a third party or contains sensitive information.

Every single day, companies from around the world lose about 5 million records containing sensitive data due to vulnerability in their system or a human factor failure, with only a mere 4% of escaped data being protected by strong encryption and, therefore, cannot be misused.

In some cases, millions of email addresses and passwords are leaked during a single data breach.

Hacking and data breaches may also negatively affect digital data or even physical equipment. Some hackers may intentionally modify or damage data in order to harm their targets.

For many businesses, small ones especially, most sales and operations are done online - as an online presence exposes businesses to larger markets, with two-thirds of small businesses relying on websites to connect them to customers.

Hacking or data breach, in this case, however, may be seriously detrimental to your online presence; it may lead to your website being slowed down considerably as hackers try to upload and run files on your company server.

Also, if hackers try to use your IP address to attack other websites, your web hosting might be suspended or your website may shut down entirely and only display a "PAGE NOT FOUND - 404 ERROR" message, all these will also cause your company's SEO ranking to take a big hit.

When a business is hacked, its reputation also takes a huge hit, either temporarily or permanently. A large percentage of a hacked company’s customers may choose to switch over to their more secure competitor.

According to a 2019 study published on BitSight, nearly two out of five (38%) enterprises admit that they have lost business due to either a real or perceived lack of security performance within their organization. Nearly half of all executives surveyed in that same report admit that their ability to attract new customers was harmed, following a security incident.

Many businesses, especially small ones or those in their early stage, operate on low margins and may not be able to withstand the significant financial loss that comes with data breaches. 

Depending on the severity of such attacks, how stolen data is used, or the damage caused, your business might not be able to withstand the financial implications and may be forced to close all operations and shut down.

Data breaches, due to bad passwords, are bound to happen when you ask employees to create and manage their passwords without providing them with the proper tools to do so.

There are limits to how many passwords your employees can remember and how complex they can be; this, coupled with the ever-growing number of online accounts, makes it easy for your employees to settle for poor password habits and security shortcuts that put your company at risk of a data breach.

Employees often create passwords that are easy to remember and very predictable, as creating and storing different complex passwords is a burden.

Hence, it is important for employers and enterprises to sensitize their employees to keep good password behavior with some of the solutions below.

Password managers are secure software applications designed to store and manage your online credentials. They make your accounts more secure by freeing you from having to generate and remember sufficiently complex passwords, thus allowing for single-purpose passwords that meet a much higher level of security. 

From auto-filling to encrypting passwords, password managers ensure that credentials stored with them are kept secure.

Two-factor authentication makes use of newer improvements to authentication by combining two out of the three types of authentication; what you know (password, pin), what you have (bank card, sim card), and who you are (fingerprint, facial recognition).

Two-factor authentication is far more secure than passwords alone because it takes into account two forms of authentication rather than one.  Other methods of two-factor authentication include using an authenticator app like Google authenticator or Microsoft authenticator, SMS Codes, and biometrics alongside your password, for more secure verification.

One major shortcoming of both password managers and two-factor authentication that is commonly overlooked is the fact that they don’t completely eliminate the burden that is passwords', this is where passwordless authentication comes in. This provides enterprises the ability to deploy desktop MFA and strong customer authentication.

By completely replacing passwords, the passwordless authentication technology removes hackers’ most popular target, forcing them to attack all devices individually. This provides enterprises with increased security and a more secure means of authentication.

It is becoming clearer that passwords are more of a burden or headache than they are a security tool. As a business owner, protecting your personal and customer data and ensuring the security of your website has to be one of your top daily priorities.

Hackers will always try to attack your employees; the weakest link in your security infrastructure. The best way to strengthen your entire security system is to make sure both your employees and IT admins are aware of their responsibility to maintain good password security and that necessary steps are taken to provide employees with the necessary tools to fulfill this responsibility.