I know it may seem hard to believe, but according to Keeper, of the 10 million passwords that were stolen in 2016, a full 17% of them were “123456”. Even more concerning, there are still people who use “password” as their password!

In addition, cyber experts have noted that a segment of the population refuses to upgrade to the newest operating systems and applications, even though they know the newer ones are more secure. For example, the WannaCry ransomware could attack computers that used the Windows XP and Windows 7 operating systems. These operating systems are no longer supported by Microsoft.

Last, the Pew Research Center surveyed 1,000 Americans, asking pertinent questions about cybersecurity. It turned out that only 1% of the participants answered all the questions correctly.

Why are people still making up simple passwords, resisting upgrades, and not schooling themselves about cybersecurity?

In my opinion, the answers are quite simple. Individuals want passwords they can remember. They are resistant to upgrades because it requires change and funding. But most importantly, most do not think they are going to be a target of a cybercrime because their business is too small or their digital footprint too obscure.

These conditions are a perfect breeding ground for cyber breaches. Below are 5 things you can do to ensure your business moves toward a better cybersecurity solution.


Common Sense Approach to Cybersecurity

  1. Create minimum standards for passwords.
    Today’s best practice recommends each password contain 8-14 characters, which include a combination of upper- and lower-case letters, numbers and symbols. It is important to enforce this by only allowing passwords that meet these criteria. Even though these passwords may be somewhat difficult for users to remember, keep in mind that the more difficult the password, the harder it is for a hacker to enter your system.
  2. Establish password policies about when user passwords will change.
    Most enterprise organizations already enforce this, but small businesses should too. Passwords need to change when there is a disruption in the company (employees leave, departments are shut down or a merger occurs), or on a regular schedule.
  3. Keep company and BYOD operating systems and apps up-to-date.
    Out-of-date software is well known as a major way hackers get into your system. Assign either an outside agency or internal staff to be the “software police” who track operating system and application levels. Require BYOD devices to meet the same standards as internal devices, which means they must have Full Disk Encryption (FDE), Mobile Device Management (MDM), proper network segmentation and endpoint protection.
  4. Train employees about cybersecurity, one article and one meeting at a time.
    Share with your staff articles put out by the National Cyber Security Alliance, and explain why it is important to follow cyber protocol while they are at work, in the airport or even at the local coffee shop. Keep homing in on the reasons WHY you are implementing these procedures so that they want to follow them.
  5. Hire a firm to complete a password complexity audit.
    An outside organization can examine your company’s risk and work with you to establish a path to data security.
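
One way to enforce the minimum standard from step 1 at the point where a password is set, shown as an added example rather than code from this article or from any product. The function names and the small denylist are assumptions made for illustration; the denylist check covers passwords such as “Password1!” that satisfy every complexity rule yet are still commonly used.

```python
import string
from collections import Counter

# Policy values from step 1 above: 8-14 characters, four character classes.
MIN_LEN, MAX_LEN = 8, 14
CLASSES = {
    "an upper-case letter": str.isupper,
    "a lower-case letter": str.islower,
    "a number": str.isdigit,
    "a symbol": lambda ch: ch in string.punctuation,
}
# Constructed denylist (assumption): the two passwords named in this article
# plus one variant. A real deployment would load a much larger list.
DENYLIST = {"123456", "password", "password1!"}


def policy_violations(candidate: str) -> list[str]:
    """Return every rule the candidate breaks; an empty list means accepted."""
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    for label, has_class in CLASSES.items():
        if not any(has_class(ch) for ch in candidate):
            problems.append(f"must contain {label}")
    # Case-insensitive match, so "Password1!" cannot pass on complexity alone.
    if candidate.lower() in DENYLIST:
        problems.append("is a commonly used password")
    return problems


def rejection_counts(candidates: list[str]) -> dict[str, int]:
    """Tally broken rules across many candidates without echoing any of them."""
    counts = Counter()
    for candidate in candidates:
        counts.update(policy_violations(candidate))
    return dict(counts)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    samples = ["123456", "password", "Password1!", "Tr4il-Mix&Rope"]
    for rule, count in rejection_counts(samples).items():
        print(f"{count} rejected: {rule}")
```

The tally reports only which rules were broken and how often, so it can be shared in a staff meeting without exposing anyone's password.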

Shellproof Security is a Common-Sense Supplier

We know a single breach of your data can be enough to put you out of business. We have the resources and procedures to adequately protect your business against the toughest cyber foes. Call us at 212-887-1600 for a free initial consultation.