It doesn’t matter how high and thick your walls are if your adversary has a key to the front door.
Even as data security technology enters the age of artificial intelligence, the greatest vulnerability for most businesses remains the humble password. In fact, according to a 2024 study, 81% of confirmed data breaches last year involved weak, default or stolen credentials, up from 63% in 2016.
According to the Canadian Anti-Fraud Centre, the most common types of fraud perpetrated against Canadians in 2024 were identity fraud, service fraud and investment fraud. According to the agency, each is “designed to get you to pay or give away sensitive information like your social insurance number, passwords or banking details.” Last year, the CAFC received over 100,000 incident reports, which included at least 34,600 unique victims.
The Canadian Federation of Independent Businesses reports that half of Canadian business owners have experienced an attempted or successful cyber fraud in the last year. According to CFIB, 36% of targeted businesses suffered a financial loss, which averaged $7,800.
If password hygiene is an organization’s best protection against cybercrime and fraud, then it stands to reason that employees are the first line of defence. Here are some of the most effective ways for Canadian businesses to ensure their digital assets remain protected through strong password management.
Set up processes to regularly update passwords
Though technology has evolved dramatically in recent years, many of the most effective cyber defence tactics and habits remain the same.
That includes regularly changing or updating passwords and even implementing policies that require password changes after a set number of days. Passwords should also be changed immediately if compromised by a breach or hack.
That also means encouraging staff to adopt a strong password or passphrase that includes a variety of letters, numbers and symbols, and never repeating passwords, which can be a difficult habit to break. In fact, 55% of Canadians reuse the same password across multiple accounts.
And of course, never use the default password that comes with your software, as those are typically the first attempted by hackers. For more tips to create strong passwords, check out our article on Cyber Safety 101: 3 Tips for Easy Password Protection.
Enable multi-factor authentication
One of the most effective ways to guard against compromised passwords is enabling dual or multi-factor authentication. According to a recent study by Microsoft, 99.9% of compromised accounts do not have the feature enabled, leaving them vulnerable to cyber threats.
The simple but powerful feature asks users to provide at least one additional point of authentication to gain access to accounts, such as a unique code sent to their phone or email address.
Switch to biometrics
Stealing someone’s password is much easier than stealing their fingerprint or facial features. That is why one of the most effective ways to protect your sensitive online data is to switch from punching in passwords to using biometric authentication like fingerprint, retina and facial scans.
Though not always available on all business devices, biometrics have proven an effective way to maintain online security without having to remember lots of complicated passwords. Switching more of your login credentials to scans of those unique features is among the most effective ways to keep your online data secure.
Use a password manager
Remembering lots of complicated and unique passwords isn’t always easy, which is why so many Canadians reuse the same simple passwords, even though it exposes them to significant risk.
When hackers steal your login credentials in a data breach, they often try using the same email and password combination on other accounts or sell them online. In fact, there are approximately 24 billion username and password combinations circulating in cybercriminal marketplaces. That means that if one password is stolen, every account that uses that password is at risk.
Often the best way to maintain lots of safe, secure and unique passwords all at once is by using a password manager. Tools like 1Password, for example, help users come up with a variety of super secure passwords for all of their unique accounts, while making them accessible through a single password-protected app. That means that users can enjoy the security that comes with having many strong passwords while only having to remember one.
Password policy and protocol can help to keep your business safe from fraud
While there are many ways to fall victim to online fraud and scams, password theft remains a primary mode of attack. That is why strong password management should be the centrepiece of any online security policy.
Employers looking to secure their business’s digital assets are therefore encouraged to set clear policies and protocols related to password management, and adopt security tools and features like biometric identification, two-factor authentication and password management software. RBC commercial clients can unlock a 3-year discounted offer with 1Password.
Visit our hub for more advice on protecting your business from cyber security threats.