Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes

Leadership

Meet the MetaCompliance Leadership Team

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

10 Steps to Improve Password Security

Password Security

about the author

Share this post

Here is a look at the humble password and some ways to improve password security.

Love or hate them, the password plays a significant role in our everyday working life. The password has become the go-to way to log into a corporate app, and most online accounts are password-based; even with MFA (multi-factor authentication) and biometric authentication, the password persists as a first factor. 

The reason for the popularity of the password is that it is simple for people to use and for developers to implement. But unfortunately, the password has many Achilles Heels, and cybercriminals take full advantage of the password’s vulnerability. 

What is Password Safety?

Password safety is a fundamental part of workplace security. But passwords are regularly exploited, misused, and abused. Some staggering statistics show just how bad the password security situation has become in recent years:

How many passwords are stolen?

  • Cybercriminals exploited 1.7 billion login credentials (including passwords) in 2021. (Spycloud Survey)

How insecure are passwords?

  • The number one reused unencrypted password was ‘password.’ (Spycloud Survey)
  • 45% of users do not change their passwords after a breach. (LastPass study)

How are passwords misused?

The Importance of Password Security

Passwords are vulnerable to phishing attacks: a Hypr 2022 survey found that 89% of companies experienced a phishing attack in 2021. Research into the effectiveness of phishing has found that 32% of employees will click on a phishing link. Human error, which includes sharing passwords and using weak passwords, is behind 95% of cyber attacks, according to the “IBM Threat Intelligence” survey.

Improving password security is a fundamental way an organisation can help its security posture. Therefore, focus on safe password practices to quickly enhance your organisation’s risk level.

Here are ten best practices to better password security to reduce the likelihood of a cyber attack.

Ten Tops Tips to Keep Your Passwords Strong and Secure

Don’t Share Them!

Employees share passwords. A survey from Yubico and Ponemon found that 49% of IT security and 51% of employees share passwords with co-workers to access business accounts.

Sharing passwords means that those passwords are out of the control of your organisation. Control is critical in maintaining security. Ensure that your security policies and practices reflect that an employee must not share passwords. Importantly, educate all employees on the importance of not sharing passwords.

Do Not Use the Same Password for Different Accounts

Employees may have many passwords to remember; as mentioned above, 60% of employees admit to reusing passwords across multiple accounts. Discourage employees from using the same password by giving them mechanisms to prevent this. These mechanisms can include Single Sign On (SSO) across related accounts and a password manager.

Use a Password Manager

In our post “Why You Need A Password Manager“, MetaCompliance states that the average person must remember between 70-80 passwords. Even those who have incredible memories would struggle to remember so many passwords.

To help remove this burden on employees, your company can issue staff with a password manager. A password manager is a digital vault that stores, secures and presents a password when a user logs in, so they don’t have to remember the password.

Don’t Write Passwords Down on Your Desk!

One bad password habit is to write passwords down on a piece of paper: they are potentially at risk, especially in a work environment, as any passing person could copy the password and use it to log in to that employee’s accounts. Also, an employee using the same password with many accounts could lead to multiple account exposure.

Never Give Out Passwords If Asked

Make sure that employees understand how social engineering works. Use Security Awareness Training to emphasise how scammers trick them into giving out personal information, including passwords.

Make Passwords Hard to Guess

The most popular password is 123456. This makes the job of a cybercriminal easy. Password security is helped by enforcing the use of hard-to-guess passwords. In addition, create a password policy that encourages the use of more complex passwords. US standards body, NIST, provides a regular update on the most robust password policies.

Change Passwords If In Doubt

Security policies should ensure that employees change passwords if they believe they have been phished. However, mandatory password updates every X week or month can often result in poor password hygiene. If people are forced to change passwords, they tend to use less robust updated passwords – perhaps adding a number to the end: ‘password’ becomes ‘password12’.

Make Password Recovery Questions Harder

Password recovery is often a target for cybercriminals; methods used to recover passwords require users to enter details such as their mother’s maiden name. The problem is that this type of information can be easily found by fraudsters trawling internet forums and social media platforms.

Ensure your password recovery system is robust and has associated security mechanisms for preventing exploitation. Check out OWASP’s suggestions for robust password recovery.

Don’t Lose Passwords Over Insecure Connections

A password could be stolen if a person uses an insecure internet connection to log in to an account. This common method is used to steal data, including passwords, when people use public internet connections. If your employees work remotely and may use public internet, ensure employees only connect using a secure site, i.e., HTTPS or a VPN.

Educate Users About the Dangers of Dictionary Attacks

Encourage users not to use common words when creating a password. Unfortunately, people tend to use known words for passwords: this fact is exploited in “dictionary attacks” that use malicious programs to try to hack into an account using common passwords and words.

Educate users using Security Awareness Training on tactics like this, and more, that are used to hack passwords.

cyber security risk
cyber sec French img 1

Other Articles on Cyber Security Awareness Training You Might Find Interesting