High-ranking Executives Struggle with Password Security as Much as Regular Users
Let’s tell it like it is — everyone struggles with password hygiene to a certain extent. Of course, you’d imagine that C-level executives are immune to poor password habits. Surely they grasp the importance of strong and unique passwords. After all, high-ranking executives deal with sensitive data and because of that are often targeted by cybercrooks.
Recently we partnered with an independent research team specializing in the analysis of cyber incidents and delved deep into the password usage habits of C-level executives. We found that high ranking executives are just as human as everybody else. They tend to use and reuse the same weak passwords just like anybody else. Today, we’re taking a closer look at the study’s findings. Let’s jump in.
Easy-to-crack passwords reign supreme
The research primarily focused on a thorough analysis of password use among business owners and C-level executives such as CEOs, CMOs, and CTOs. As soon as the research team concluded the analysis, it was clear that easy-to-crack passwords are just as popular among executives as they are in the general population.
The list of top passwords used by business executives sorts passwords used by CEOs, C-level executives, managers, and business owners and details how many times each password was used. You can check out the full list of passwords here.
Among the most popular passwords used by high ranking executives we can see the good old “123456,” “qwerty,” “password,” and “1111”. Another intriguing finding was the executives’ fondness for passwords related to mythical figures such as “dragon,” or “monkey.” The research also showcased that names were also a popular choice when it came to passwords. For instance, “Tiffany,” “Charlie,” and “Michael,” all made the list.
The takeaway here is simple — high-ranking executives and business owners exhibit a strong tendency to use easy-to-crack passwords just like regular online users as seen in our Top 200 Most Common Passwords List.
The dangers of poor password hygiene
Passwords are our first line of defense when we talk about cybersecurity. It might be a cliche, but it is a powerful one.
According to the Verizon Data Breach Report, up to 80% of data breaches are the result of poor or reused passwords. What’s even worse is that the IBM report reveals that in 2021, the average global cost of a data breach reached 4.24 million USD, which indicates a 10% growth compared to 2020.
Stealing data is the modern-day gold rush. The new-age cyber pirates look for any opportunity to get their hands on as much data as possible. Often that means targeting businesses and even large corporations. For businesses, that indicates the inevitably of facing an attack: these days, it is a question of “when” rather than “if.”
To ensure a secure perimeter, companies need to stop overlooking the importance of password security and focus on fostering good password usage habits within the organization.
Security tips for businesses
For a company to stay secure, a variety of factors have to work together. Here are a few tips that can help a company regardless of its size or industry.
Use a business password manager
A reliable password manager for business combines a variety of features and tools to make password management easy and efficient. By deploying a business password manager, you will provide the organization with a single, secure place to store passwords. Essentially, such a tool as NordPass Business eliminates the need for things like password spreadsheets, which are a huge security risk.
Moreover, password managers eliminate the need to type a password manually with the autofill feature.
Also, corporate password management solutions provide an effective way to manage users, whether it’s adding or removing users or providing them with certain rights. In the NordPass Business case, the Admin Panel facilitates quick and simple user management.
Finally, most password managers do more than protect passwords. Often such tools offer ways to secure other sensitive data such as credit cards, secure notes, and other personal information. NordPass Business also provides a Password Health tool that can help companies detect weak, old, or reused passwords. Data Breach Scanner is another extremely useful tool that NordPass Business brings to the table: it allows organizations to check whether any of their domains or emails were affected by a data breach. At the end of the day, it is essential for business leaders to realize that today password management tools are an essential part of the company's security infrastructure.
Cybersecurity training for staff
Cybersecurity training should be an essential part of any company’s security efforts. Unfortunately, many small and medium enterprises tend to lack such training sessions, which means that employees are often underprepared when it comes to protecting themselves and their company from potential security breaches.
It is critical to provide employees with the basics of cybersecurity as well as to introduce them with the company’s security policies. Educational sessions can yield great results, but they should be regular to stay a step ahead of any potential threats. After all, human error remains one of the leading causes of data breaches.
Use multi-factor authentication
Multi-factor authentication (MFA) can play a critical role in a company’s overall cybersecurity strategy. MFA is a form of user authentication that provides an additional security layer to every platform or app you or your employees access and use on a daily basis.
MFA works by requesting multiple verification forms to prove the user's identity: that could be a text message, email code, or authenticator apps. You can choose an option that suits your business needs the most to ensure it does not interfere with effective workplace operations.
If you have an option to use MFA for your business accounts, you should. MFA helps with safety, productivity, and compliance. It also offers businesses an effective way to protect the organizational infrastructure.
Password security is quickly becoming a central part of corporate cybersecurity. Unfortunately, the progress is somewhat slow in a sense that we still see high ranking officials, companies on the Forbes 500 list, and regular internet users employ weak passwords.
However, our aim with studies such as this one and the previous ones is to raise as much awareness as possible and hopefully to influence a change in the way that we think of passwords and their role in overall online security.