Weak Passwords in Construction and Manufacturing Put Businesses at Risk

Simple passwords are dangerous to all users, but businesses and their employees need to take extra care when it comes to cybersecurity.

Top 10 Passwords Used

Employees in the construction and manufacturing industries use shockingly weak passwords, as revealed by research from Nordpass, a password manager for both B2B and B2C clients. This alarms security experts, as weak passwords make it very easy for hackers to access accounts.

Password information was compiled in partnership with a third-party company specializing in data breach research. Researchers analyzed data from public third-party breaches that affected Fortune 500 companies. In total, analyzed data included 15,603,438 breaches and was categorized into 17 different industries.

Researchers evaluated the top 10 passwords used in each industry, the percentile of unique passwords and the number of data breaches affecting each industry. For construction and manufacturing, the top 10 passwords used were:

  1. Company name*
  2. password
  3. aaron431
  4. 123456
  5. Company name eu*
  6. 123ccp
  7. pass1
  8. company name*
  9. Company name*
  10. Company name*

* The passwords indicated are a company name or variation of it (e.g., ABCCompany2002). For security, purposes the exact names are not provided.

Simple passwords like these are dangerous to all users, but businesses and their employees need to take extra care when it comes to cybersecurity. For example, in February, a water treatment facility in Florida had a serious computer breach. The company used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees. And in December 2020, SolarWinds suffered from a big data breach, reportedly due to protecting one of its servers with the password “solarwinds123”.

It's also not uncommon for employees to utilize the same passwords for personal and business accounts. As a result, consumer-facing breaches can potentially expose business enterprises, as well. Data breaches then create a domino effect across multiple organizations through the reuse of credentials across personal and business accounts.

“Businesses and their employees have a duty to protect their customers’ data. A weak password of one employee could potentially jeopardize the whole company if an attacker used the breached password to gain access to sensitive data,” says Chad Hammond, security expert at NordPass.

Good Hygiene Required

According to an IBM report, an average global cost of a data breach is $3.86 million. And out of all countries, data breaches at US-based companies are the most expensive at $8.64 million. According to Statista, these costs include things such as:

  • lost business resulting from diminished trust or confidence of customers;
  • costs related to detection, escalation, and notification of the breach;
  • and ex-post response activities, such as credit report monitoring. 

So, how can businesses reduce their risks? You can improve password hygiene by:

  1. Creating complex and unique passwords, updating them regularly and storing them in a password manager: Adopting a password manager for company-wide use is your best bet to maintain the security of your business accounts. A password management solution provides a secure way to store, share and manage passwords in a single place.
  2. Using multi-factor authentication or single sign-on: Companies should use multi-factor authentication where available for an added layer of security. Another great concept is to leverage single sign-on and password synchronization. With single sign-on, employees are less likely to revert to bad password practices, such as creating common passwords or writing them down.
  3. Educating your employees on password hygiene and potential risks: It’s important to note that employees should avoid mixing their work and personal accounts. This ensures that their personal identity is not only protected, but also any information related to their employer is safeguarded in the event of a breach.