Millions of employees fail password basics. Do yours?

How many of your employees have a guessable password? We are seeing a rise in business email compromise claims, and cyber incidents are becoming increasingly commonplace. It’s more important than ever that people understand the role they play in keeping the business, and themselves, safe.

The UK’s Government Communications Headquarters (GCHQ) ran a cyber survey in 2019 and found a major link between weak passwords and cybercrime. The research revealed that 23.2m cyber victims worldwide had used ‘123456’, another 7.7m used ‘123456789’, 3.8m used ‘qwerty’ and 3.6m even used the word ‘password’.

Be random

The National Cyber Security Centre (NCSC) recommends that a purely random group of three words can make a strong, hard-to-guess password. For example, “ElephantCornflakeBonzai” is unlikely to feature on any of the lists of common, guessable passwords circulating on the dark web.
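As an added illustration, not code from the original article or from the NCSC, the Python snippet below generates a three-random-words passphrase of the kind described and shows why it resists guessing: the strength comes from the number of word combinations an attacker would have to try, not from the characters themselves. The 20-word list is constructed for the example, the 7,776-word figure is an assumption (the size of a Diceware-style list), and the blocklist holds only the four passwords quoted from the GCHQ survey above.

```python
import math
import secrets

# Constructed sample word list for illustration only; a real generator would
# draw from a dictionary of several thousand everyday words.
WORDLIST = [
    "elephant", "cornflake", "bonzai", "harbour", "velvet", "lantern",
    "pickle", "glacier", "trumpet", "meadow", "kettle", "compass",
    "saddle", "orchid", "thunder", "biscuit", "marble", "falcon",
    "anchor", "pebble",
]

# The guessable passwords named in the GCHQ survey quoted in the article.
COMMON_PASSWORDS = {"123456", "123456789", "qwerty", "password"}


def pick_words(wordlist=WORDLIST, n=3, rng=secrets):
    """Draw n words uniformly at random, with replacement, using a CSPRNG.

    `rng` only needs a `.choice()` method; the default is the `secrets`
    module, which is the right source of randomness for credentials.
    """
    if n < 1 or not wordlist:
        raise ValueError("need at least one word and a non-empty word list")
    return [rng.choice(wordlist) for _ in range(n)]


def join_passphrase(words):
    """Capitalise each word and concatenate, e.g. ElephantCornflakeBonzai."""
    return "".join(w.capitalize() for w in words)


def combinations(wordlist_size, n=3):
    """Number of distinct passphrases an attacker would have to try."""
    return wordlist_size ** n


def entropy_bits(wordlist_size, n=3):
    """Bits of entropy when n words are drawn uniformly from the list.

    This measures the size of the choice, not the length of the string:
    log2(wordlist_size ** n) == n * log2(wordlist_size).
    """
    return n * math.log2(wordlist_size)


def is_common(password, blocklist=COMMON_PASSWORDS):
    """True if the password (compared case-insensitively) is on a known-guessable list."""
    return password.lower() in {p.lower() for p in blocklist}


if __name__ == "__main__":
    phrase = join_passphrase(pick_words())
    print("generated:", phrase)
    print(f"from this {len(WORDLIST)}-word list: "
          f"{combinations(len(WORDLIST)):,} combinations, "
          f"{entropy_bits(len(WORDLIST)):.1f} bits")
    # Assumption for comparison: a 7,776-word list (6**5, Diceware-sized).
    print(f"from a 7,776-word list: {combinations(7776):,} combinations, "
          f"{entropy_bits(7776):.1f} bits")
    for candidate in ["123456", "Password", phrase]:
        print(f"{candidate!r} on common list: {is_common(candidate)}")
```

The point the numbers make: three words from even a modest 7,776-word list give roughly 470 billion combinations (about 39 bits), whereas ‘123456’ is one of the first guesses any attacker tries, regardless of its length. A real deployment should also check new passwords against a much larger breached-password list than the four entries used here.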

Avoid password reuse

Another avoidable issue, alongside easy-to-guess passwords, is password reuse.

For example, if you use the same password for your work email, your various permissions across the company network, your personal email and all of your social media, you create untold opportunities for hackers to gain access to a range of data and information, and you put yourself and others at risk.

Consider a password manager

A recommended way to strengthen your passwords is by using a password manager. 

This software helps generate and retrieve complex passwords and stores them in an encrypted database. Businesses can also introduce multi-factor authentication (MFA), which requires, in addition to a password, another piece of unique data to confirm identity when logging in.

Examples of such unique data include challenge/response questions based on obscure personal information, PINs, or magnetic stripe cards with security codes.

Choosing your own password? Follow these golden rules

  • Don’t use the same password more than once
  • Never use a word or phrase of special importance to you (like a birthday, family member or football team). That kind of information can be found online.
  • Avoid number sequences – many work systems won’t accept them anyway
  • Make sure it’s long enough – between eight and 14 characters
  • Use a mix of upper and lower-case letters and symbols
  • A random group of 3 words can also be a strong password and is recommended by the National Cyber Security Centre (NCSC)
  • Update your passwords regularly

The value of cyber insurance

Unfortunately, businesses are unlikely to be able to fend off every threat that they face, as there are so many evolving risk factors today and attackers are becoming more sophisticated every day. 

While certainly useful, the advice above won’t protect you from, for example, phishing, malware or code injection.

In the event that you do suffer a cyber incident, be confident that you have a cyber insurance policy in place to assist you with incident response and the specialist expertise required to identify, mitigate and remove any threat.

To find out more about cyber insurance, please give me a call or drop me a message via the website. 


Kathryn Brown

Kathryn is responsible for Howden’s cyber offering, working with a number of businesses to manage cyber risk and implement the right risk transfer solutions. Kathryn is an ACII qualified Chartered Insurance Broker - and with over 10 years’ experience in the industry, there isn’t much she hasn’t seen.
