Password Reuse

In a world where data breaches and scams are a constant threat, one of your main priorities as a business owner is keeping your sensitive company and employee information safe. As we’ve seen in the recent data breaches of Myspace, LinkedIn and Tumblr, password reuse has allowed hackers to obtain personal data from various sites and accounts by only hacking into one site.

Understanding password reuse

Password reuse occurs when a username and password combination is used for multiple accounts. Criminals take advantage of the fact that 59 percent of consumers are reusing passwords, and that 61 percent are more likely to share work passwords than personal ones. In the case of the LinkedIn data breach, hackers stole email and passwords from one site and gained access to users’ other accounts like Amazon and Pandora Radio using the same credentials.

Password reuse is not just a consumer problem using social media networks. A recent data breach of the Khronos Group speaks to the dangers that businesses face when reusing usernames and passwords for more than one site or network. Your business’ sensitive information could be at risk if employees reuse your company’s credentials for other personal and business-related accounts.

What happened?

Khronos Group is an online forum that software developers use as a tool to build software for their own companies. Developers from software companies utilize this platform to obtain universal application processing interfaces (APIs) and to collaborate with other developers across various platforms.

Motherboard reported that the group confirmed a data breach of nearly 3,000 accounts on the forum. Compromised information includes usernames, email address, passwords, IP addresses and physical addresses of employees who work at big name companies such as Google, Apple, IBM and Toshiba.

What this means for business owners

Criminals prey on employee data more than consumer data because it provides a window into a business’ sensitive data — far more valuable than the average individual’s personal information. If your employees are not aware of the problems that password reuse can pose to your company, they may be unknowingly putting your business at risk for fraud schemes like business email compromise and other types of scams.

What should you do?

  • Educate your employees about the risks of password reuse.
    Encourage them to use different username and password combinations for each site where they have an account and avoid using business credentials for sites outside of your company.
  • Implement a password tool that generates unique passwords.
    Utilizing a password generator guarantees random passwords for each site used by your company. Password tools create strong, unique passwords to thwart hackers from using stolen credentials on other sites.
  • Change passwords for business accounts regularly.
    Whether it be for business or personal accounts, passwords should be changed every 90 days to prevent hackers from gaining access to accounts, even if they have already been compromised.

Follow these tips to protect both your employees’ and your business’ sensitive data. Continue following posts on Fighting Identity Crimes to stay up-to-date on the latest data breaches, scams and tips from our industry experts about how to keep your valuable information safe from cybercriminals.