Cyber security firm Zirilio estimates that two-thirds of Australian businesses and large corporations are vulnerable.
Zirilio chief marketing officer Lawrence Patrick warned that the use of default passwords specifically poses significant risks.
He said that using a default password may seem like an easy option to remember, but the problem is, cybercriminals know the default passwords too.
“There is a real problem with companies not taking enough steps to increase their cyber defences.
“Most computers, hardware and software, are set up to allow you to use them right away but the assumption is that you’re going to go back and customise the default password to make it secure,” Mr Patrick said.
US tech giant Microsoft says the most commonly used password last year was “admin”, which is currently being used by more than 20 million people across the globe.
Other popular combinations include “123456” and “password”, according to research by password management company NordPass.
Former security and compliance advisor at software company Salesforce, Jay Hira, added that common words and personal information should be avoided when creating a password.
“Use of personal information such as your date of birth, father’s middle name, mother’s maiden name etc, are all too common.
“Password reuse after a period of time and using the same password across multiple platforms are other common mistakes that we’ve all made at some point,” Mr Hira said.
With more people working from home in recent years due to the COVID-19 pandemic, data theft and hacking is at record levels according to the latest data.
The Australian Cyber Security Centre (ACCC) recorded 67,500 cybercrime reports in 2021, this figure is up nearly 13% from the previous financial year.
Fraud, online shopping scams and online banking scams were the top reported cybercrime types and additionally, self-reported losses from cybercrime total more than $33 billion, according to the ACSC’s latest annual cyber threat report.
Sophisticated hackers often use sneaky tactics such as sending fake text messages containing suspicious links to unsuspecting users in order to gain elevated access to private information.
Last year, Microsoft found more than 280,000 cyber security breaches. About 98% of attacks used a password with less than 10 characters.
In addition, only 2% contained a special character and Proofpoint research found 42% of working Australians use the same password across multiple accounts.
Victoria Police recognises cybercrime as “a key facilitator” of organised crime.
“Cybercrime presents a complex and fast-moving threat and is recognised nationally as a key facilitator of serious and organised crime.
“There are many practical ways for Victorians to protect themselves online.”
A good place to start is to access resources available to you.
Experts say long and complex passwords with a combination of numbers, letters and special characters are generally the strongest.
Mr Patrick added that using a phrase from a poem, or a book or a song is a “clever” way to choose a password that is easy to recall.
“If you want to make it even stronger, you could create an abbreviation that doesn’t mean anything to anyone but makes sense to you,” Patrick said.
He also recommended using the website Have I Been Pwned, which tracks password breaches.
The rise of facial recognition software means remembering seemingly endless passwords could soon be a thing of the past.
“You’ve probably noticed technology companies are pushing really hard to … get us to use facial recognition,” Patrick said.
“Soon everything will be biometric. It will just be a face scan or a retina scan or a fingerprint tied to your identity and that’s how you will log in and authenticate yourself.”
