Happy World Password Day: Is Your Law Firm’s Cyber Culture Comprehensively Embedded?
A huge section of the UK may have already overlooked National Scrabble Day, Haiku Poetry Day and International Dance Day in the past month. However, today marks an extremely important national day which could be the difference between your law firm being attacked by cyber criminals and your law firm remaining vigilant and safe from unscrupulous digital criminals.
As we enter the first Thursday in May that annually hosts this important national day, is your law firm embracing the importance associated with World Password Day?
The answer is, more than likely, no. Millions of people across the globe continue to use hackable passwords, underestimating the importance of creating a unique password to protect themselves, their business and clients from cyber criminality.
According to cyber security specialists, Avast, 50% of people worldwide use the same password to unlock multiple online accounts.
Only around 2% of people across the world with online passwords use a password manager or password generator. Despite the fact that we have a national day, celebrated globally, to recognise the importance of a comprehensive cyber hygiene philosophy, too many people are making themselves vulnerable by using obvious passwords to protect their sensitive data.
The inaugural UK Cyber Survey, released by the National Cyber Security Centre (NCSC), has found that over 23 million people are still using ‘123456’ as their main password protecting their data from unscrupulous cyber criminals.
Incredibly, 7.7 million additional password users have opted for ‘123456789’ as their main password defence. The analysis of the 100,000 most commonly recurring passwords highlights the increased vulnerabilities to a law firm’s security if an ordinary password is used.
In the UK alone, Premier League teams like Liverpool, Chelsea, Arsenal, Manchester United and Everton are used as the main barrier of password protection by around 800,000 users. Whilst this is dangerous for a personal account, the cyber report highlights that fewer than half of respondents use a strong, separate password for their accounts, potentially placing a law firm’s security at risk.
The NCSC emphasised that millions of commonly used passwords are pwned (sold) on the dark web and harvested by cyber criminals. Cyber criminals then use these harvested lists to breach the perimeters of a user’s account or to move within a network of less defended systems.
Luis Corrons, security specialist at Avast, commented:
“Cyber criminals collect personal data, like login credentials, from various sources including data breaches, and sell it on the darknet for other cyber criminals to abuse. Creating strong and unique passwords for each online account is nearly impossible, which is why people create weak passwords that are easy to remember or re-use passwords for multiple accounts. Cyber criminals take advantage of this behaviour by trying to infiltrate accounts through brute force, attempting to use personal information to guess other passwords, or purchasing leaked credentials on the darknet to log into further accounts.”
David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said:
“Given the growing global threat from cyber attacks, these findings underline the importance of using strong passwords at home and at work.”
Troy Hunt, International Web Security Expert, said: “Making good password choices is the single biggest control consumers have over their own personal security posture.
“We typically haven’t done a very good job of that either as individuals or as the organisations asking us to register with them.
“Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”
Is your law firm committed to regular staff cyber training? Are your employees aware of the dangers in using obvious and identical passwords for multiple accounts?