Employees have been chasing the fabled “work-life balance” for an eternity (or at least as long as there have been LinkedIn “influencers”). But the undeniable truth is that the ‘choice’ to pursue balance was taken away. The time of the pandemic has erased boundaries to the point that, for many of us, “working” and “living” are essentially one and the same.
It’s not all bad, of course. Remote and hybrid work has given office workers more flexibility than they ever thought possible. But it also means careless cybersecurity practices have the potential for broader and more damaging ripple effects.
This final week of Cybersecurity Awareness Month is all about making security an ongoing priority. For individuals today, that means keeping cybersecurity at the forefront of your mind, and borrowing best practices from both work and personal life as you connect daily. And focusing on password health is a great place to start.
“I don’t know about you, but I don’t have any more passwords left in me.”
Yeah, we hear you. Passwords are annoying. But for now, they’re an inevitable part of digital life (though some companies are starting to re-think passwords completely). And today, there’s a chance your own risky password habits have found their way into your workplace and may be putting your company’s data in jeopardy.
Since the pandemic’s arrival, the average consumer has created 15 new online accounts, according to a 2021 IBM survey. It makes sense: we’ve been stuck at home, relying on digital distractions like binging on shows, shopping online and scrolling on social media to pass the time. In juggling so many new and existing online accounts, 82% of people “gave up,” so to speak, and admit to reusing their passwords and credentials at least some of the time, the same IBM survey found.
All the while, workers need to access their company’s network — often from home offices and on personal devices — to do their jobs. A May 2021 HP report found that more than 70% of surveyed employees claim to have access to more company data more frequently than they did before the pandemic. And in too many cases, they’re re-using passwords from other personal accounts to unlock access to customer data, financial records and HR files. What’s more, they’re increasingly using their work devices for personal tasks and even sharing passwords for things like streaming services with friends and family.
It’s a vicious cycle, and attackers are taking full advantage: people are sick of creating and remembering new passwords, so they create ones that are (too) easy to remember, reuse them in multiple places and even share them freely. Bad actors easily crack and compromise these passwords and use them to propagate further attacks — both on other consumers and the companies they work for.
“Someone cracked my password. Now I need to rename my dog.”
Drawing on cybersecurity best practices for both consumers and corporations, here are seven simple steps for boosting online safety:
1. Do a full password reset. Block some time and reset all your personal online passwords. Follow this helpful U.S Cybersecurity and Infrastructure Security Agency (CISA) guidance on things like password length and complexity.
2. Don’t reduce, reuse and recycle. Your passwords, that is. If you’re using the same password across all personal and work accounts, you are essentially opening the door to attackers who can waltz in and gain access to everything.
3. Protect your passwords. It’s a bad habit to store passwords in your browsers. Password managers are not foolproof, but they’re a better option for personal use. An even stronger way to protect a password is to validate it with something unique to you — like your phone or your fingerprint. Enable multi-factor authentication (MFA), utilizing push notifications or biometrics for any service that requires logging in, such as email, banking or social media.
4. Focus on prevention: Never click on suspicious links or open strange attachments and only download software from trusted sources. Phishing and social engineering attacks are still among the most common origins of password theft and data breaches.
5. Browse with caution. Anytime you browse the web at home, always login and run as a “guest” (you’ll see this option when you first turn on your computer and see a list of user profiles). This will give you just enough access to do what you need to do while reducing exposure.
6. Set up account monitoring. It’s also a good idea to set up alerts on your personal accounts to help you recognize and respond to suspicious activity, like fraudulent bank charges, before they become big problems.
7. Pay attention to your devices. Always change default passwords and usernames for home routers and internet-connected devices (thermostats, refrigerators, baby monitors and more) to make them more secure. CISA provides some great tips on ways to protect your digital home and boost your wireless security.
These baseline steps of changing passwords, limiting access, layering login security and monitoring activity are fundamentally the same, whether you’re an individual or company working to #BeCyberSmart. Cybersecurity can’t be an afterthought, and you can apologize to the Netflix freeloaders in your life later. It just must come first.