
According to recent research of Fortune 500 companies by NordPass, many in the human resources field use shockingly weak passwords. 

Weak passwords are one of the top causes of data breaches in business, the research found. Simple passwords are very dangerous to all users, but businesses and their employees need to take extra care when it comes to cybersecurity. 

“Businesses and their employees have a duty to protect their customers’ data. A weak password of one employee could potentially jeopardise the whole company if an attacker used the breached password to gain access to sensitive data,” says Chad Hammond, a security expert at NordPass.

The top 10 passwords in the HR industry, according to the research:

  1. password
  2. Kenzie14
  3. Company name123*
  4. Company name1234*
  5. welcome1
  6. 123456
  7. Company name*
  8. linkedin
  9. scooter
  10. Password

* This password is a company name or a variation of it (e.g. Company name2002). The exact company name is not named.

Security breaches are more common than many organisations may be aware of. A senior HR practitioner at a Hong Kong construction company, whom Human Resources talked to recently, revealed that the company’s servers had been hacked, resulting in many weeks of severely compromised business function. It took many months before the IT team could get operations back to normal.

In another case, Solar Winds, a water treatment plant in the US state of Florida, had a serious computer breach. The company used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees. In December 2020, SolarWinds suffered from a big data breach, reportedly due to protecting one of their servers with the password “solarwinds123”.

Data breach cost

A recent IBM report put the average global cost of a data breach at US$3.86 million (HK$29.96 million). However, a data breach in the healthcare industry costs more than double (US$7.13 million).

According to Statista, the cost consists of factors such as lost business resulting from diminished trust or confidence of customers; costs related to detection, escalation, and notification of the breach; and ex-post response activities, such as credit report monitoring.

How can businesses increase their password hygiene? 

  1. Create unique passwords, update them regularly, and store them in a password manager
    Adopting a password manager for company-wide use is your best bet to maintain the security of your employees and business accounts.

  2. Use multi-factor authentication or single sign-on
    Companies should use multi-factor authentication where available for an added layer of security.

  3. Educate your employees on password hygiene and potential risks
    Employees should avoid mixing their work and personal accounts. This ensures that, in the event of a breach, not only their personal identity is protected but also any information related to their employer.

The list of passwords was compiled in partnership with a third-party company specializing in data breach research. In total, the analysed data included 15,603,438 breaches and was categorised into 17 different industries.