New Research Supports Need For Better Password Security Management

Shortly before Christmas, security applications firm SplashData released their hotly anticipated research into the most popular, worst (and therefore most commonly hacked) passwords of 2017.

Amongst the culprits were some repeat offenders. Not surprisingly ‘password’ and ‘123456’ topped the top 100 list, closely followed by ‘12345678’ (inventive) and ‘qwerty’ (insert eye roll).

This topic was thrust to headlines globally just a few months prior in September 2017 when, days after a cybersecurity attack that affected millions in the US, it was revealed a section of Equifax’s internal portal in Argentina had ‘admin’ as the login and password.

A blasé attitude toward password security has also been heavily scrutinised in the press of late, after Conservative MP Nadine Dorries revealed that it is common practice for MPs to share login details and passwords.

The backlash that ensued following Nadine’s Twitter revelation resulted in the UK’s data privacy regulator issuing a rather embarrassing caution to MPs about the risks of sharing computer passwords.

It is a point frequently hammered home by security experts that cybersecurity measures are only as effective as the people managing them and that human error accounts for the majority of cyber-related breaches.

Why is Effective Password Security Important for Law Firms?

In 2016, IT Group published an article about the increase in cyber security attacks on law firms – Major Law Firms Targeted by Cyber Criminals. Here we highlighted that the highly remunerative activities of law firms and the sensitivity of the data within their systems make them a tempting target for cybercriminals.

With multiple stories hitting the headlines in relation to successful cyber attacks on a number of leading law firms, we published another article that offered helpful tips and guidance for law firms looking to bolster their network defences.

One of our key recommendations at the time was to maintain effective and consistent password security management.

Aaron Pickett, Digital Forensic Examiner and a member of the digital forensics and cybersecurity team at IT Group, urged legal professionals to “Ensure that all passwords used inside the law firm are strong. You should have been told to ensure you use both letters and numbers and ideally non-alphanumeric characters such as ‘£$%’, but it is a lesser-known fact that simply changing the letters to numbers (for example, l3tme1n instead of letmein) adds no appreciable extra security from the majority of hackers. Consider using a random password generator and using that as your more secure password.”
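The point made in the quote above, that swapping letters for numbers adds little, can be checked mechanically when a password is set. The following is an added example, not code from this article or from IT Group: it undoes common substitutions before comparing a candidate against a small denylist built from the passwords named in this article, and generates a random password with Python's secrets module. The function names and the substitution table are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample denylist: the weak passwords named in the article.
# A real deployment would load a much larger breached-password list.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "admin", "letmein"}

# Common digit/symbol-for-letter swaps (an illustrative table, not exhaustive).
# Some characters are ambiguous ("1" can stand for "i" or "l"), so each one
# maps to every letter it may replace.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i"}


def deleet_variants(password, limit=4096):
    """Return every lowercase spelling reachable by undoing LEET swaps."""
    variants = {""}
    for ch in password.lower():
        options = LEET.get(ch, "") + ch      # keep the literal character too
        variants = {v + o for v in variants for o in options}
        if len(variants) > limit:            # bound the work on long inputs
            return {password.lower()}
    return variants


def is_weak(password):
    """True if the password, or any de-leeted form of it, is on the denylist."""
    return not COMMON_PASSWORDS.isdisjoint(deleet_variants(password))


def random_password(length=16):
    """Generate a password from the OS CSPRNG via the secrets module."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ["letmein", "l3tme1n", "P@$$w0rd", random_password()]:
        verdict = "rejected" if is_weak(candidate) else "accepted"
        print(f"{candidate!r}: {verdict}")
```

Both letmein and l3tme1n are rejected by the same denylist entry, which is why the substitution buys so little.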

To read the full article that includes more guidance on effective security management, click the link below.

Cyber Security Through the Litigation Process