How to prevent cyber-attacks in healthcare: from Zero Trust to password management

Summary: Healthcare companies can effectively defend against cyber threats with solutions like encryption, VPNs, and multi-factor authentication.

In this day and age, when a cyber-attack happens roughly every 40 seconds, no industry is safe from threats. Every organization, regardless of what it does, faces some level of risk.

That said, some industries are targeted far more than others. Healthcare, unfortunately, is near the top of that list. First, let us explain why that’s the case. Later, we’ll discuss what healthcare facilities and institutions can do to better protect themselves against hacking attempts.

Why the healthcare industry is particularly vulnerable to cyber-attacks

The key reason why healthcare is often targeted by cybercriminals is that it deals with highly valuable data. To provide their services, healthcare companies must store and manage large volumes of electronic health records, sensitive patient information, and other confidential files. We’re talking ID documents, Social Security numbers, medical histories, insurance papers, and more. All of those, as you can guess, are highly sought after on the dark web.

And that’s only part of the problem. We also need to consider that many healthcare organizations still rely on outdated computer systems and legacy infrastructure. Yesterday’s technologies simply can’t keep up with today’s cybersecurity threats—and attackers know this all too well.

Add to that the growing number of connected devices used in hospitals and clinics—many of which lack proper security—and you get a large attack surface. In this scenario, every device creates a potential risk that cybercriminals can exploit to break into the system.

An infographic presenting the reasons why healthcare is often targeted by cybercriminals

The consequences of cyber-attacks for healthcare organizations

Let’s start with this: if sensitive data—personally identifying information, electronic health records, insurance details, and so on—gets leaked, the consequences can be far-reaching. For instance, attackers can use it to file fake insurance claims. They might also get prescription drugs illegally. In some cases, they could even blackmail patients or medical institutions to keep medical records private.

Of course, the impact of a breach on the organization itself can be profound. It can lead to severe financial losses and serious damage to its reputation. Existing and potential customers may lose trust and move to competitors.

And if you think incidents like this are probably rare, we hate to tell you otherwise. Cyber-attacks on healthcare companies have been on the rise over the last few years.

In 2024, the Department of Health and Human Services (HHS) reported that the average number of healthcare breaches was two per day. That’s millions of medical records compromised each year. This explains why healthcare organizations cannot afford to rely on half-measures when it comes to cybersecurity.

How to defend against cyber-attacks in healthcare

Just because the healthcare industry is a frequent target for cybercriminals doesn’t mean organizations in this sector should feel helpless. There are plenty of effective strategies and solutions available. If you’re part of this sector, here’s how you can improve your defenses:

Control who has access to electronic medical records

One way to boost healthcare cybersecurity is by adopting the Zero Trust model. Maybe you’ve heard the phrase “Never trust, always verify”—that’s what it’s all about. It means you double-check everyone’s identity every time they need to access sensitive resources, even if you’re 100% sure they work at your company. It may sound strict, but it’s one of the best methods to stop unauthorized access.

Also, just because someone is part of the team doesn’t mean they should have unlimited access to all sensitive information. You want to make sure people only access the apps and data they actually need, based on their role and responsibilities. That’s why it’s important to set up proper access permissions for each user in your organization.

Tools like Zero Trust Network Access (ZTNA) solutions can help you put this framework into practice. They let you set up proper identity checks and control access effectively, so employees only reach what they need for their work—and nothing more.

And one more thing. While focusing on digital access, remember to also control physical access to areas where servers and patient records are stored. Limiting this access helps prevent damage to equipment and data theft.

Divide your network into smaller parts

Speaking of controlling access to resources, you can take that concept further by breaking up your company’s network into smaller elements called “segments.” This process is called network segmentation. Basically, by using firewalls, gateways, and internet protocols, you create separate areas of the network for specific user groups to operate in—without giving them access to the other parts.

How does this help? For one, if a security incident occurs, it will be contained within that one particular segment. This means it won’t spread across the entire network. This not only helps you identify and resolve the issue faster but also protects the rest of your IT environment.

Use encryption to protect all patient records

When you encrypt sensitive information like medical research and patient records, you ensure that even if someone gets hold of this data, it will appear as a scrambled mess when they try to open it. All the information stays unreadable until the correct decryption key is provided.

Encryption is especially useful when you’re sharing sensitive information online, particularly between remote sites or workers. To keep data secure in transit, end-to-end encryption is often used. This means the data is encrypted right on the sender’s device and stays encrypted until it reaches the intended recipient, where it’s decrypted.

Because the data remains encrypted throughout its entire journey, even if someone intercepts it while it passes from point A to point B, they won’t be able to read or misuse it. Just remember that this protection requires using strong algorithms like AES-256 or XChaCha20 for encrypting your data—some weaker ones can still be cracked with modern hacking tools.

Get everyone to use only strong passwords

No matter how much you invest in healthcare cybersecurity, all that effort can go to waste if employees are using weak passwords. Verizon reports that web attacks happen mostly due to stolen credentials (77%) and easily guessable passwords (21%). That’s why it’s so important to make sure everyone on every team uses strong, hard-to-guess credentials.

To make this happen, you can use an advanced business password manager that allows you to enforce a strong password policy. Plus, it can help employees easily create, manage, and securely store strong passwords for all their work accounts. This way, they won’t have to struggle with coming up with long, random strings of characters or keep passwords written down in notebooks.

Add more protection layers to your online accounts

Considering how advanced threat actors’ methods for cracking passwords have become, passwords alone are no longer enough to keep work accounts safe. That’s why it’s important to add extra layers of security, like multi-factor authentication (MFA).

By implementing MFA, you require users to prove their identity with something beyond a password. This can be a code sent to their phone or a biometric scan. Access is granted only after that second step is verified. That way, even if someone does get hold of an employee’s password, they still won’t be able to break into their account.

Educate your employees

You can’t expect your team to follow security rules if you don’t explain why those rules exist in the first place.

That’s why investing in cybersecurity training is essential. In these sessions, the team should learn the basics of cyber threats and how to respond to attacks. For example, they should find out what a ransomware attack is, what types of information they can handle online, and what to do if they accidentally click on a phishing link.

By clearly explaining the threats, how they work, and how to avoid them, you greatly increase the chances that employees won’t make the human errors that can lead to security breaches. Also, if you need a knowledge base to refer to, you can check out our Cybersecurity Learning Centre. It covers everything from basic security frameworks to HIPAA compliance.

Update and monitor all software and devices regularly

Most of the software and hardware used in hospitals and clinics receive regular patches and updates, which are specifically designed to strengthen system and device security. With cyber-attacks becoming more and more sophisticated, staying on top of these updates is one of the simplest, most effective ways to protect mobile devices and improve IoT security.

Outdated software can create major vulnerabilities and weaken your device posture security. That’s why it’s so important not to skip updates, not even one. It might not seem urgent at the time, but missing that update could leave your systems exposed when you least expect it.

It’s also crucial that you continuously monitor all devices and platforms within your IT infrastructure. Why? To stay aware of everything connected to your company’s network, ensure each one complies with your security policies, and quickly identify any unusual behavior before it leads to potential vulnerabilities.

With NordLayer, you’re covered on key cybersecurity fronts

NordLayer is a toggle-ready network security platform that checks all the right boxes—especially for healthcare organizations looking to strengthen their defenses. In fact, it delivers on many of the key cybersecurity practices we’ve covered in this article.

For starters, it offers a cutting-edge Business VPN to ensure your team can safely access your network from anywhere. But that’s just the beginning. NordLayer also allows you to segment your network and control who can access what, while monitoring user activity. What’s more, it enables you to apply Zero Trust principles, so every user’s identity is checked before each login. It also helps maintain strong device posture security by allowing you to keep tabs on all devices in your network. Throw in multi-factor authentication, DNS filtering, malware prevention, and strong encryption, and you’ve got a tool built for serious protection.

Bottom line? NordLayer is designed to be an all-in-one solution for many of the cybersecurity challenges healthcare companies face. If you’re in the healthcare industry and want to learn more about our product, just contact our team. We’ll be happy to show you what NordLayer can do to protect your organization.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Best secure video conferencing tips

What is video conferencing software?

In simple terms, video conferencing software allows multiple users to hold live video and audio meetings online. This makes it feel like they’re having a face-to-face conversation, even though they’re not in the same room. It usually includes handy features like screen sharing, chat, and file sharing to ensure efficient, secure video conferencing. Video conferencing software is commonly used for work-related virtual meetings and online classes.

Cybersecurity risks in video conferencing

At the beginning of April, Zoom—one of the most popular video conferencing services—had a ton of security-related problems. Most of them revolved around poor encryption and data protection.

Zoom has always claimed to offer end-to-end encryption. However, this turned out to be far from the truth. The company only encrypts data in transit. To make matters worse, the developers have encryption keys that allow Zoom to decrypt its users’ data.

Another problem Zoom had to deal with was so prominent that it even had its own name: zoombombing. It’s a type of photobombing in which hackers and regular internet trolls infiltrate video conferences and post malicious links, pornographic images, or use obscene language.

A combination of weak encryption and bugs in some of Zoom’s apps led to the exposure of 500,000 users’ credentials, which ended up for sale on the dark web. It doesn’t help that Zoom is known to collect and sell users’ data to third parties without informing them.

Even though Zoom was quick to react and patch most of these vulnerabilities, new exploits will likely continue to arise in Zoom and other video chat services. Therefore, you should always keep tabs on the latest cybersecurity news. Otherwise, you risk your private conversations, passwords, and business secrets ending up online.

Secure video conferencing best practices

To ensure that your personal and business video calls are safeguarded, we suggest following these secure video conferencing tips:

  1. Make sure to install the latest version of the app the moment it’s available. Updates include security patches that are vital if you want to stay safe online.

  2. Never share the meeting link or ID publicly—send it only to the people participating in the video call. If your app allows it, set a password for your meeting to maintain access control. Need help with creating a strong password? Try our password generator.

  3. Take advantage of the other features offered by your video conference app. Some have a virtual waiting room where you can approve each person individually. Others allow you to disable participants’ cameras and microphones, or even kick them out. Learn about all the features of your secure video conferencing platform, as well as how to use them to stay safe.

  4. Never accept video conference invites from people you don’t know. They might be scams or catfishing attempts.

  5. Always be mindful of what you say and show during a video call. Remember, everything can be recorded, and you never know where it will end up. So, avoid sharing any information that’s too personal or sensitive. Look for safer methods to discuss business secrets.

  6. Even though many video conferencing apps offer encrypted video calls, you should still take additional safety measures and do your own research. Make sure that the apps don’t have any known vulnerabilities, that the encryption protocols they use are well vetted, and that your own device is not infected with malware. If someone has control over your computer or phone, they can listen in on your calls, even if the calls are end-to-end encrypted. Scan your devices regularly to make sure they are safe to use.

  7. Be careful with apps you have never heard of. Only download them from official app stores, and always check whether the developer is trustworthy before installing. Hackers are known to create fake versions of popular, secure video conferencing platforms that infect your phone with malware.

  8. The usage of various video conferencing tools is skyrocketing, and cybercriminals have their eyes set on them. Therefore, never reuse passwords, change them regularly, and come up with strong, complex passwords for your most sensitive accounts. If you need help remembering them, use a password manager to safely store them all.

  9. Use a HIPAA-compliant video conferencing platform to ensure the safe handling of sensitive health information. Considering that sometimes employees need to share their health data with people in other departments (e.g., HR), you should create a safe virtual environment where they can do that without worrying about security.

  10. Use only strong passwords—combinations of letters, numbers, and symbols that are complex and unique enough that neither cybercriminals nor automated guessing tools can recover them. You should also implement two-factor authentication to raise the level of cybersecurity at your company. With two-factor authentication, employees must provide more than just their password to log in to company applications or access company data. This means, for example, that they will be sent a verification code via email or SMS, or asked to confirm their identity using biometrics.

  11. Limit screen sharing to trusted people only, and prefer sharing individual web pages or applications rather than your entire screen, so that no sensitive information is shown by accident.

CISA guide for securing video conferencing

The Cybersecurity and Infrastructure Security Agency (CISA), a US Department of Homeland Security agency, has released a guide on how to carry out video conferences in a secure way. In essence, CISA has come up with four tips that, when followed, can help you safely connect with others over a video chat. They are:

  • Make your network secure—set up your router to use the WPA2 or WPA3 wireless encryption standard, and create strong passwords for both the router and your Wi-Fi network.

  • Control access to your video conferencing software—create strict policies, processes, and procedures so that only the right people can use your video conferencing software.

  • Create a secure environment for file and screen sharing—establish clear rules regarding the types of files that can be shared during a video conference. Also, if you plan to record the meeting, notify all participants.

  • Use only the latest versions of your applications—enable automatic updates and follow a patch management policy to make sure your applications are up to date and as secure as they can be.

Most secure video conferencing software

Below, we have compiled a list of what we consider to be the best secure video conferencing tools available on the market today. They are:

  • ZoHo Meeting—a secure video conferencing platform that not only provides all the communication features needed to connect with other team members but also encrypts all audio, video, and screen sharing to make sure that all information—both personal and business—is safe and sound. Using ZoHo Meeting, you can easily record your meetings and share them with the people you trust. Plus, as a host, you can “lock” the meetings so that they are fully private. This gives you full control over who can join the meeting, and you can add or remove participants at any time.

  • Microsoft Teams—probably one of the most popular video conferencing tools available on the market, Microsoft Teams is a secure video conferencing service that comes with a wide range of features to help you easily set up and carry out video conferences. Not only does it allow you to connect with up to 10,000 people at once for a live event, but it also enables you to go from a group chat to a video conference with the press of just one button.

  • Pexip—a video conferencing tool that prioritizes security. With Pexip, you can set up PIN-protected virtual meeting rooms that allow you to keep communication private and control meeting access. As a host, you can see every participant taking part in the meeting and thus be sure that nobody uninvited is listening in. If you are looking for a secure video conferencing service, you should give Pexip a go.

  • Google Meet—developed by Google, this secure video conferencing tool allows users to host and join virtual meetings. It offers features like screen sharing, real-time captions, and integration with Google Workspace tools, making it suitable for both personal and professional use. Users can engage in encrypted video conferencing through a web browser or mobile app without being required to install any additional software.

  • Zoom—another highly popular video conferencing platform that lets users set up virtual meetings, webinars, and online events. While it had its fair share of security issues in the past, it offers features like screen sharing, breakout rooms, and virtual backgrounds, providing functionality for both personal and professional needs. By allowing users to join meetings via a web browser, desktop application, or mobile app, Zoom makes video conferencing an enjoyable experience anywhere, anytime.

Bottom line

Follow the best practices outlined in this article to ensure secure video conferencing, both for private and business environments. Likewise, review all your options before choosing one of the secure video conferencing tools for yourself or your team. Lastly, use NordPass to store passwords for these platforms or generate them for meeting access with our password generator.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

What is Governance, Risk, and Compliance (GRC), exactly?

The integration of GRC components allows organizations of all sizes to make better decisions, improve their overall security strategy, and ensure they meet regulatory standards, setting a solid groundwork for operational efficiency and sustained growth. Let’s take an in-depth look at all things GRC.

The concept behind Governance, Risk, and Compliance (GRC)

GRC is a strategic framework developed by the Open Compliance and Ethics Group (OCEG) in 2002. Generally speaking, it is designed to help organizations align their IT operations with overall goals, effectively manage risks, and comply with local laws and regulations. You can think of GRC as a holistic approach that improves organizational efficiency, safeguards against financial losses, and even upholds brand image and integrity. Let’s break down GRC letter by letter.

  • Governance involves establishing policies, roles, responsibilities, and procedures to guide and control how an organization’s various departments work together toward achieving business objectives and operational excellence. It ensures that IT decisions are always in line with the organization’s strategic goals.

  • Risk management is about identifying, evaluating, mitigating, and monitoring risks that could affect the organization’s reputation, safety, security, and financial well-being. This includes taking a wide range of risks seriously, from cyber threats to compliance breaches, and implementing strategies to reduce their impact.

  • Compliance is the adherence to relevant laws and regulations affecting the organization’s operations. It includes everything from data protection regulations like GDPR to sector-specific rules, ensuring organizations meet their legal duties and preserve their integrity under external examination.

At its core, GRC aims to enable organizations to foresee and control risks associated with cybersecurity and other threats, operate within legal boundaries, and make strategic decisions promoting long-term success and resilience.

Why is the concept of Governance, Risk, and Compliance (GRC) important?

The significance of GRC for today’s business cannot be overstated because it helps organizations protect themselves and optimize their operations and strategy in a world of ever-evolving regulations, increasing cyber threats, and competitive pressures.

Here’s why the strategy of Governance, Risk, and Compliance is indispensable for modern businesses:

  • Helps ensure regulatory compliance: With the complexity and scope of regulations always expanding, GRC provides organizations with the structure needed to ensure they meet all legal requirements. This is vital for avoiding penalties and fines and maintaining trust with customers and stakeholders.

  • Mitigates risks: Integrating GRC risk management into every aspect of the business helps organizations identify, assess, and mitigate risks before they escalate into organization-wide issues.

  • Aligns IT with business goals: GRC helps organizations ensure that IT strategies and processes align with the organization’s business objectives. This alignment is critical for maximizing the efficiency and effectiveness of IT investments, supporting growth, and maintaining a competitive edge.

  • Promotes operational excellence: By establishing clear policies, procedures, and controls, GRC enhances operational processes, improves efficiency, and ensures that all organizational activities are aligned with the overall strategy and values.

Governance, Risk, and Compliance maturity is measured by the GRC maturity model developed by the OCEG. It helps companies gauge the level of GRC management within the organization and identify areas for improvement and growth.

In short, GRC is crucial for organizations seeking to navigate the complexities of the contemporary business world safely and successfully.

How to implement GRC in your business

Effectively and seamlessly integrating a Governance, Risk, and Compliance program across a business requires a thorough roadmap. Here are seven key steps, each designed to support a specific aspect of the journey:

Assess the benefits

Begin by evaluating what specific benefits a GRC framework can bring to your organization, such as enhancing compliance, improving operational efficiency, and reducing risks. Such a benefit assessment will help you focus on strategic areas, provide a strong foundation for decision-making, communicate value to stakeholders, and avoid wasting time in the process.

Name GRC implementation areas

To ensure a focused and effective GRC program rollout, identify the areas of your organization that will benefit most from it. Begin by assessing the existing processes, departments, and other functions to evaluate where stronger compliance or risk management practices are needed. Such prioritization will help you to create a roadmap to start and ensure that the GRC framework is tailored to address your company’s unique challenges and requirements.

Choose the right GRC solutions

This might sound trivial, but choosing the right tool to implement a GRC program is critical, as it simplifies the integration process and reduces potential challenges. When selecting software for your company, evaluate features such as automation, reporting, and adaptability to various compliance requirements.

Create the implementation roadmap

Once all the preparations are done, you can turn to creating the GRC implementation roadmap itself. It should be clear, step-by-step, and flexible enough to adapt to changes or challenges. Within it, define a timeline, key milestones, tasks, and responsibilities.

Ensure collaboration

For successful GRC implementation, continued close communication and cooperation between all stakeholders are vital. Stakeholders such as leadership, heads of departments, and IT and legal teams should be aligned on the objectives, scope, and benefits of the GRC initiative. Consider establishing regular meetings and communication channels so the stakeholders are always informed.

Implement the process

Now all that is left is the implementation itself. This mainly consists of deploying the selected GRC software, integrating it with existing systems, and configuring workflows to align with the organization’s specific requirements and needs.

Monitor, improve, and streamline compliance

Continuous monitoring is crucial for the GRC framework to remain effective and adaptable. Such monitoring helps to reveal potential gaps and allows proactive action to ensure that your company’s GRC system keeps pace with regulatory changes and business needs.

Understanding the GRC Framework and its operation

The GRC framework supports not only an organization’s immediate operational needs but also its long-term strategic goals and ambitions.

Here’s how the GRC framework functions to achieve these aims:

  • Setting strategic goals and objectives: The first step in implementing a GRC framework includes defining the organization’s strategic goals and objectives. This ensures that all GRC efforts are directly aligned with the organizational aims.

  • Developing a governance structure: When building up a governance structure it is crucial to have a clear delineation of roles and responsibilities within the organization. This structure provides the foundation for making informed decisions, managing risks, and ensuring compliance.

  • Risk identification and assessment: A key component of the GRC framework is the systematic process of identifying and assessing potential risks that could impact the organization. This usually involves analyzing the likelihood of various risk scenarios and their potential impact on the organization’s objectives.

  • Implementing controls and procedures: Based on the risk assessment, the organization activates appropriate controls and procedures to manage and mitigate identified risks. This could include implementing new tools and technologies, revising operational processes, or obtaining various compliance certifications such as SOC 2 Type II Compliance, ISO 27701 Compliance, CPRA Compliance, or ISO 27001 Compliance.

  • Ongoing monitoring and enhancement: The final step in the GRC framework is the continuous monitoring of the framework’s effectiveness and making improvements where necessary, which means regularly reviewing and updating the governance structure, risk management practices, and compliance efforts to ensure they remain effective and aligned with the organization’s goals.

By systematically assessing organizational goals, establishing a governance structure, identifying and mitigating risks, and continuously monitoring and improving the framework, organizations can ensure that they are well-positioned to meet their objectives while maintaining compliance and a strong overall security posture.

Benefits of the GRC Framework

The GRC framework isn’t just a set of guidelines to keep regulators at bay; it’s a comprehensive approach that can streamline processes, safeguard assets, and drive efficiency. Here’s what it brings to the table.

Enhanced decision-making

At the heart of GRC lies the power to make informed decisions. By integrating GRC practices, organizations gain a 360-degree view of their risk perimeter and compliance status. With real-time insights and analytics, decision-makers can pivot precisely, ensuring that every move is aligned with internal goals and external regulations.

Improved efficiency and reduced costs

By integrating GRC activities, companies can eliminate redundant processes and streamline operations. This boosts efficiency and significantly cuts down the costs associated with managing risks and ensuring compliance separately.

Risk Mitigation

Today, risks come from every direction—cyber threats, regulatory changes, market volatility, you name it. The GRC framework helps businesses to better identify, assess, and mitigate risks before they escalate into full-blown breaches.

Strengthened regulatory compliance

Navigating the complex web of regulations can feel like walking through a minefield. GRC simplifies this by providing a structured approach to compliance. Whether it’s GDPR, CCPA, SOX, or any other regulatory acronym, GRC helps businesses stay on top of their obligations.

Competitive advantage

In a marketplace where trust and reliability are as valuable as the services or products offered, GRC can be a game-changer. Organizations that proactively manage governance, risk, and compliance project a strong image of reliability and responsibility.

Enhanced organizational reputation

Lastly, a robust GRC framework polishes your organization’s reputation. In an era where news travels faster than light, a single misstep can tarnish your brand. By ensuring that governance, risk management, and compliance are tightly woven into your corporate fabric, you minimize the chances of such mishaps.

Challenges of implementing GRC framework

There’s no doubt that implementation of the Governance, Risk, and Compliance program can bring lots of benefits to your company. Unfortunately, companies often face challenges before, after, and during the implementation. So knowing these possible challenges beforehand can help you to mitigate or overcome them:

Unwillingness to change

Successfully implementing a GRC program requires new processes, tools, and even cultural shifts from employees and leadership alike. This can be met with hesitation. To overcome it, invest in promoting collaboration between departments and provide awareness and training programs; this eases the transition and mitigates resistance to change. Similarly, showcase any early successes to build trust and boost engagement.

Expertise gaps

Many companies struggle to find the internal expertise needed to design and implement an effective GRC program. This gap can be addressed by consulting external experts or by providing training for your internal teams.

Integrating siloed operations

More often than not, organizations are held back from achieving the integrated approach for a centralized GRC program because of the fragmented systems and processes. Hence, it’s crucial to foster cross-functional communication and collaboration, use all-in-one GRC tools to consolidate data and processes, and align departmental goals with a broader GRC strategy. This can successfully break down existing operational silos.

Resource limitations

Resources, such as personnel, budget, and time, aren’t unlimited. So, it’s critical to prioritize GRC areas that will deliver the most significant impact and measurable results. Then, you can use these successes to advocate for additional support and resources.

GRC software and tools

GRC software is a suite of applications that enable businesses to align IT processes and strategies with business goals while managing the vast spectrum of risks and complying with legal and regulatory obligations. The beauty of these tools lies in their ability to provide a bird’s-eye view of GRC-related activities in real-time.

At their core, GRC solutions are about integration. They break down silos between departments, ensuring that information flows seamlessly across the organization. This integrated approach ensures that everyone is on the same page, making it easier to identify, evaluate, and manage risks across all levels of the organization.

As we mentioned earlier, one of the key benefits of leveraging GRC software is the enhanced efficiency it brings to the table. Automating repetitive and manual tasks frees up valuable resources, allowing teams to focus on strategic objectives. Additionally, these tools come equipped with advanced analytics and reporting capabilities, providing actionable insights that can help identify and mitigate risks before they escalate.

Yet, choosing the right GRC software is not a one-size-fits-all affair. It requires a deep understanding of your organization’s specific needs and its regulatory landscape. Factors such as scalability, customization, user-friendliness, and integration capabilities with

As the regulatory and risk environment becomes more complex, the role of GRC solutions in ensuring resilience, compliance, and strategic alignment becomes ever more critical.

The key AI technologies in GRC

In a world that’s racing to adopt AI technologies as quickly as possible, GRC software is no exception. In fact, AI is becoming a key element of effective risk management strategies.

AI-powered GRC systems can help companies automate tasks, enhance reporting capabilities, and streamline processes amid increasingly complex regulatory requirements and cybersecurity challenges. This means that organizations that adopt AI GRC software can more efficiently manage risks, reduce operational costs, improve data-driven decision-making, and strengthen regulatory compliance.

Let’s now look closer at AI technologies that are changing the Governance, Risk, and Compliance landscape:

  • Robotic Process Automation (RPA): RPA and artificial intelligence are related but distinct things. Most importantly, RPA is process-driven, which means it follows the process defined by a user. However, AI is data-driven and uses machine learning to recognize patterns in data to learn over time. So, RPA-driven GRC tools will help automate specific tasks like data collection, report generation, and compliance checks. This reduces manual work and minimizes human error.

  • Machine learning (ML): ML is a branch of AI that allows computers to learn from data patterns and improve their performance on specific tasks without being explicitly programmed. Within Governance, Risk, and Compliance, machine learning can analyze extensive amounts of historical data to predict possible risks and compliance issues, empowering organizations to tackle them proactively.

  • Natural language processing (NLP): NLP is a branch of artificial intelligence that uses machine learning to enable machines to learn, read, and interpret human language. It’s useful for simplifying complex legal texts, compliance regulations and documentation to extract relevant data.

How NordPass helps organizations in their GRC efforts

NordPass stands as a great solution for businesses striving to improve their enterprise Governance, Risk, and Compliance frameworks, with a particular focus on securing and managing information access.

The key to NordPass’s utility is its advanced security features, such as end-to-end encryption and zero-knowledge architecture. These ensure that sensitive information remains accessible only to those with proper authorization, drastically reducing the risk of unauthorized access.

NordPass also improves organizational governance by facilitating controlled access to sensitive data. By implementing IT password management, user groups, and shared folders, businesses can enforce access controls that reflect their internal structures and governance policies, promoting accountability and transparency.

Furthermore, NordPass improves operational efficiency by simplifying login management. This efficiency allows employees to focus more on their primary tasks, which is essential for companies looking to streamline their processes and ensure their governance frameworks effectively support their goals.

The IT Governance, Risk, and Compliance landscape is continually evolving, presenting new challenges and regulatory requirements. NordPass’s commitment to ongoing security innovation ensures that businesses can rely on a solution that remains at the forefront of security and compliance standards.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

ISO 27001 vs. SOC 2: What’s the difference?

Summary: ISO 27001 or SOC 2? Discover which fits your business best, compare key differences, and see how NordLayer supports both compliance standards.

ISO 27001 vs. SOC 2: Which compliance standard is better for your organization? This question often comes up when companies need to prove they take data security seriously, especially in fast-growing or highly regulated industries.

Both SOC 2 and ISO 27001 offer trusted frameworks for protecting sensitive information, but they take different paths to get there.

SOC 2 specifies criteria for how companies should manage controls to protect customer data from unauthorized access, cybersecurity incidents, and other risks. ISO 27001 goes deeper, providing a framework for implementing an end-to-end security system that covers people, technologies, and processes.

Not sure which one fits your business best? You’re not alone. In this guide, we’ll compare ISO 27001 vs. SOC 2, how they differ, what they have in common, and how to choose the right security compliance standard for your organization.

What is ISO 27001?

ISO 27001 is a global standard for managing information security. Created by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), it outlines how to build a strong information security management system (ISMS). It addresses areas such as risk assessment, access control, and incident response.

The framework categorizes its controls into four key themes: organizational, people, operational, and technological. If your business handles customer data, ISO 27001 demonstrates that you have structured, reliable systems that help keep that information safe.

To get ISO 27001 certification, an accredited third-party auditor must confirm that you meet all the compliance requirements. This certification is a good fit for companies that want to build trust, meet regulatory expectations, and protect sensitive information.

Comparison table of ISO 27001 and SOC 2

What is SOC 2?

SOC 2 stands for System and Organization Controls 2. It’s a security compliance standard created by the American Institute of Certified Public Accountants (AICPA) to help companies keep customer data safer from data breaches, unauthorized access, and other cyber threats.

A SOC 2 report proves your company’s security measures are effective. It’s like a trust badge that shows you handle, process, and store customers’ data responsibly and securely.

Who benefits from a SOC 2 report?

  • Cloud service providers
  • SaaS companies
  • Digital financial companies
  • Healthcare organizations

If you’re in one of these industries, having SOC 2 compliance will give you a competitive edge.

ISO 27001 vs. SOC 2: Key differences

One big difference between ISO 27001 and SOC 2 is how compliance is verified. ISO 27001 gives you an official certification. Pass the requirements, and you’re certified—simple as that.

SOC 2 works a bit differently. You don’t get a certificate. Instead, an independent auditor writes a SOC 2 attestation report, giving their expert opinion on whether you meet the SOC 2 compliance criteria.

So, how do ISO 27001 and SOC 2 differ? Both certification and attestation involve a deep dive by an external auditor. Certification feels more formal, but in some industries, ISO 27001 carries more weight.

Here is a summary of the main differences between SOC 2 and ISO 27001:

  • Issuing/standard body. SOC 2: AICPA. ISO 27001: ISO/IEC, ANSI-ASQ National Accreditation Board (ANAB).

  • Presentation. SOC 2: an attestation that results in a detailed report of your security controls. ISO 27001: a certification that shows you’ve passed the ISO 27001 audit.

  • Target market. SOC 2: United States. ISO 27001: international.

  • Core requirements. SOC 2: Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, and Privacy). ISO 27001: clauses 4–10 of the framework, including the ISMS scope, statement of applicability, risk management, and continual improvement.

  • Audit results. SOC 2: an attestation report, made available only under NDA; reports are valid for 12 months, and a new SOC 2 is required every year. ISO 27001: an ISO report that includes a 1-page certification that can be made public; recertification is required after 3 years.

  • Timeline. SOC 2: 1–4 months for the Type I report and 6–12 months for the Type II report. ISO 27001: approx. 3–12 months.

  • Cost. Varies by the size and complexity of the organization; typically $10–60k for SOC 2 and $10–25k for ISO 27001.

Let’s take a closer look at ISO 27001 vs. SOC 2 to understand them better.

Compliance requirements

SOC 2 and ISO 27001 share quite a few security controls, but they don’t ask for the same level of implementation.

Both standards say you need to apply internal controls that are relevant to your business. But ISO 27001 tends to be stricter. You’ll need to meet more criteria and cover a broader set of controls to be fully ISO 27001 compliant.

SOC 2 is a bit more flexible. It’s based on five Trust Services Criteria—but only one (Security) is required in every SOC 2 report. The other four (Availability, Confidentiality, Processing Integrity, and Privacy) are optional, depending on what your company does.

Location: Which standard do your customers expect?

Both SOC 2 attestation and ISO 27001 certification are respected in the security and technology world, but where you do business can influence which one you need.

If your clients are in North America, SOC 2 is usually the go-to. It’s the standard most U.S. and Canadian companies expect.

On the other hand, ISO 27001 is more common internationally. So if you’re working with customers in Europe, Asia, or other global markets, ISO 27001 is likely the better fit.

Timeline: How long does it take to get compliant?

SOC 2 and ISO 27001 differ not only in what they ask of you but also in the amount of time it takes to complete.

  • Timeline. ISO 27001: 6–12 months. SOC 2 Type 1: 1–4 months. SOC 2 Type 2: 3–12 months.

  • What does it involve? ISO 27001: auditors review your documentation and check your ISMS to ensure it complies with ISO 27001. SOC 2 Type 1: auditors look at your security controls at a single point in time. SOC 2 Type 2: auditors review your security controls over 3–12 months to see how they work in practice.

So, if your organization needs to demonstrate compliance quickly, SOC 2 Type 1 offers a faster path. However, for clients who require long-term assurance of your security practices, SOC 2 Type 2 or ISO 27001 may provide the depth and credibility they expect.

Audit process: What to expect with ISO 27001 vs. SOC 2

Both ISO 27001 and SOC 2 follow a structured process. You’ll need to define your security goals, run a gap analysis, implement key controls, collect documentation, and set up a system for ongoing improvement.

The difference lies in who audits you.

  • ISO 27001 requires an accredited certification body to certify your compliance.
  • SOC 2 must be audited by a licensed CPA firm.

Renewal timelines also differ:

  • SOC 2 Type 2 reports are valid for 12 months, typically renewed every year.
  • ISO 27001 certificates last for three years, with annual surveillance audits and a full recertification audit in year three.

ISO 27001 and SOC 2: More in common than you think

SOC 2 and ISO 27001 focus on core principles like data security, confidentiality, integrity, and availability.

Both require organizations to implement strong security measures and undergo independent audits to prove it. In fact, there’s up to 80% overlap between the two frameworks, so working toward one puts you well on the way to meeting the other.

While neither is mandatory, getting certified or attested shows clients and partners that your data protection practices are trustworthy.

ISO 27001 and SOC 2 similarities, by feature:

  • Focus: protecting data security, confidentiality, integrity, and availability.
  • Framework type: a risk-based approach to managing information security.
  • Security controls: both require the implementation of internal controls and policies.
  • Audit requirement: an independent third-party audit or assessment.
  • Outcome: demonstrates trust and security posture to clients.

ISO 27001 and SOC 2: Which one is right for you?

Choosing between ISO 27001 and SOC 2 depends on your goals, clients, and the maturity of your current information security setup. Both standards help service organizations demonstrate strong, reliable security practices, and each is designed to meet different business needs.

When to choose ISO 27001

Go with ISO 27001 if you’re building an information security management system (ISMS) from the ground up. This standard is globally recognized, making it ideal if you work with international clients or want to show that your data protection measures meet global expectations.

  • It’s a great fit for organizations looking for a structured, long-term approach to security.
  • Stakeholders and partners often view ISO 27001 certification as a strong signal of trust.
  • It’s more rigorous and requires more resources, but it builds a robust foundation.

When to choose SOC 2

SOC 2 is a better option if your organization already has an ISMS and wants to validate its controls. It’s especially relevant for service organizations that operate primarily in North America.

  • SOC 2 offers more flexibility, letting you focus audits on specific Trust Services Criteria.
  • It’s a lighter, faster, and often more cost-effective route for companies that want tailored insights into their information security practices.
  • It’s a strong choice if you need to meet client demands without committing to global certification yet.

When to choose both

For some organizations, the best answer is both.

Use ISO 27001 to establish a robust, globally recognized information security management system. Once that’s in place, conduct regular SOC 2 audits to keep improving and get detailed feedback on how well your controls work.

Together, ISO 27001 and SOC 2 give you full-spectrum credibility, offering both the structured foundation and ongoing validation your clients expect, no matter where they are. It’s a smart move for growing companies that take data protection seriously and want to stay competitive in multiple markets.

Choosing between ISO 27001 and SOC 2 isn’t a one-size-fits-all decision. It really depends on your goals, resources, and where your clients are.


How NordLayer helps you stay ISO 27001 and SOC 2 compliant

Whether you’re building an ISMS from scratch or fine-tuning existing controls, NordLayer supports your compliance journey. We have security solutions to meet both compliance standards.

  • Access controls: Network Access Control (NAC) solutions like Cloud Firewall and Device Posture Security help manage access to sensitive data, ensuring that only authorized users and devices can access your network.
  • Encryption: NordLayer encrypts traffic in transit using the AES-256 and ChaCha20 algorithms to help you meet the data security standards required by both frameworks.
  • Secure access to data in the cloud: Whether you’re using AWS, Google Cloud, or Microsoft Entra ID, we help secure your cloud environments with Site-to-Site network connectors and SaaS security solutions.
  • Network visibility: With event logging, real-time monitoring, and device posture monitoring, NordLayer helps you monitor network access and maintain audit logs for up to 60 days.
  • Threat prevention: NordLayer’s Threat prevention features help restrict access to untrusted websites and users, detect and stop malicious downloads, and prevent potentially harmful malware or other cyber threats from infecting your devices.

NordLayer is designed for modern, fast-growing organizations that want flexibility without sacrificing control. Whether you’re pursuing ISO 27001, SOC 2, or both, we support your compliance journey.

Contact our sales team to find out how NordLayer can help you achieve your goals.

ISO 27001 vs. SOC 2: Frequently Asked Questions

SOC 2 vs. ISO 27001: Which makes more sense for your business?

SOC 2 is great if you work mostly with U.S. clients and want a flexible audit. ISO 27001 is better for global businesses needing a structured security system. Pick the one that fits your goals, or go for both.

Can a company become ISO 27001 and SOC 2 compliant at the same time?

Yes, it can. These two security standards share a lot, especially when it comes to information security controls and data protection. Combining the processes can save time, reduce duplicated effort, and give your business a stronger, more unified approach to service organization security.

When might ISO 27001 not be enough?

ISO 27001 may fall short if clients specifically require a SOC 2 report, or if you need detailed, customer-facing proof of control performance over time. In U.S. markets, SOC 2 often holds greater practical relevance.

How to achieve SOC 2 and ISO 27001 compliance?

Start by defining your security goals, conducting a gap analysis, and implementing required controls. For ISO 27001, work with an accredited certification body; for SOC 2, use a licensed CPA firm. Maintain continuous monitoring and documentation.

Disclaimer: This article is for informational purposes only and not legal advice. Use it at your own risk and consult a licensed professional for legal matters. Content may not be up-to-date or applicable to your jurisdiction and is subject to change without notice.


About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.


The changing DNA of organized crime, Not-So-Secret Business Passwords, and UX/UI updates: catch up with NordPass in Q2 of 2025

Media and awards

Over the past few months, we have received quite a few awards. It’s a great honor to be recognized for our work creating advanced yet easy-to-use cybersecurity solutions.

GQ’s pick for the best password manager

To our great joy, the GQ team selected NordPass as the best overall password manager this year. GQ tests password managers based on price, ease of setup, and the quality of different features like autofill or password sharing. They noted that NordPass offers an easy-to-use interface, many features, and a good free tier.

American Business Stevie Bronze Medal

Here at NordPass, we strive to bring our users the best possible experience. So when there’s an unexpected hiccup or issue, our amazing Customer Support team is there to help 24/7. It was a great pleasure to be recognized by the American Business Stevie Awards with the Bronze Medal for Customer Support Department of the Year.

CyberTech category winner of the Global Tech Awards

Not a day goes by that we don’t think about how to improve and make cybersecurity effortless for individuals and companies. So, our team is truly happy to be recognized for excellence in the Cyber Security Technology category at this year’s Global Tech Awards. The selection criteria include technical quality, user experience, scalability, social impact, and more.


Global InfoSec Award for Passwordless Authentication

Lastly, the Global InfoSec Awards recognized NordPass for its passwordless authentication. This award celebrates NordPass’ commitment to advancing secure, password-free authentication solutions. With our passwordless authentication platform, Authopia, enterprises can enable seamless, passkey-based logins, help businesses reduce account takeover risks, and improve the user experience.

We have a passwordless login for our vault as well, so our users can access their accounts via biometrics. Additionally, NordPass supports cross-platform passkey storage and integration with identity providers like Google Workspace or Azure Active Directory.


Freshest NordPass updates and improvements

Okay, now let’s get back to the core of NordPass—the product itself—and see what improvements and updates our team has made.


Sharing Hub update

As organizations grow, the question of sharing becomes more prominent. More and more credentials are moved around teams and departments, often informally or without consistent oversight.

To tackle this problem, we released Sharing Hub this autumn, which included a viewing option that allowed organization Owners to see which items could be accessed and by whom, as well as who had shared or created them. This spring, we significantly improved the feature. Now, Owners can control access to all shared company credentials by granting, modifying, or revoking access rights for any shared item or folder as needed. They can also transfer ownership if required, all from a single place—the NordPass Admin Panel.


Sharing hub


What’s new with the company-wide Data Breach Scanner?

Similarly, we have made significant improvements to our tried-and-true Data Breach Scanner.

To ensure that your company gets the most from NordPass, we will now monitor your company’s domain based on the organization Owner’s email address, eliminating the need for separate verification. Note that in this case, you’ll only get notifications about the breaches but no detailed information on them. If you want to get that additional info, you’ll have to add your domain and verify it. As for domain verification, it’s now seamless and automated.

We also gave the breach report a facelift. Now, you’ll find a detailed description of the breach, the data it compromised, a list of affected organization members, and some recommendations for resolving the breach. In addition, admins can now see which breaches have been resolved and by whom.

Lastly, the “Breach details” list is now easier to navigate because it clearly distinguishes members’ statuses within the NordPass organization. It shows whether members are uninvited, suspended, or Admins, and which groups they belong to.

Data Breach


Business Account session management

From now on, organizations can set a 1-hour, 4-hour, 1-day, 7-day, 30-day, or custom time interval, after which the member session will end, and they will be logged out from NordPass. To continue using NordPass, the member will need to log in again, either using SSO or their Business Account credentials, and then verify their account with MFA, Master Password, or biometrics. For optimal security, we recommend setting the interval to 7 days. After this time, the member will need to log in again.


Filtering the Activity Log

Up next is the filtering improvement for the Activity Log feature. The Activity Log lets organizations gain insight into user activities by tracking access updates and identifying unusual behavior. From now on, Admins and Owners can search the Activity Log by the item ID, allowing them to streamline security investigative processes by quickly identifying suspicious activities. This filtering option, together with filtering by member and date, allows admins to see all actions made to a particular item.

activity log


Integration with Microsoft Sentinel

In striving to build a seamless NordPass user experience, we have integrated with Microsoft Sentinel, a SIEM tool. From now on, our Enterprise customers can significantly strengthen their organization’s ability to meet compliance objectives by maintaining audit trails.

This integration allows Enterprise users to export and access NordPass activity logs alongside the data from other systems within Microsoft Sentinel. In doing so, companies can gain a holistic view of their security posture, conduct analysis, and quickly detect and respond to potential threats.


You asked, and we delivered

We are always eager to hear your feedback and improve accordingly. So, with that in mind, we ended last quarter with several user experience tweaks. Starting with the NordPass autofill icon, we have made 2 UX improvements:

  • You can now easily tell if your vault is locked thanks to the improved NordPass autofill icon. If you want to unlock the vault, simply click on the icon to open the pop-up window where you can enter your Master Password or use biometrics.

  • You can now turn off the NordPass autofill suggestions by clicking the icon. The choice will stay the same throughout the form you’re filling in.

autofill


NordPass’ interface redesign

The vault interface across all our platforms and the Admin Panel are where our users primarily engage with and monitor their cybersecurity status. Therefore, we want to provide the most user-friendly experience possible. This quarter, we made some design changes to the iOS, Android, and other platforms to give the UI a more modern look and feel, in line with our NordPass rebranding, which we revealed last year. Additionally, all these platforms have seen usability improvements.


Research and other reports

This quarter was equally rich with research and reports, ranging from our classic report on the most common passwords to a brand-new one on digital anxiety. So let’s see what we discovered:


TOP 20 Not-So-Secret Business Passwords

Together with NordStellar, we’ve analyzed the most common business passwords from 11 industries to uncover the habits behind office doors. Unfortunately, the password patterns are poor and truly not-so-secret. So poor, you might be able to guess the 3 most popular corporate passwords yourself. Yes, they’re “123456,” “123456789,” and “12345678.” If you guessed “password,” don’t worry, it’s on the list.

Our research also showed that using an email address as a password is just as common—it’s convenient, yes, but it’s one of the quickest ways to give your business credentials to hackers. Similarly, many people use their names for work-related passwords—another unfortunate practice that can expose the entire organization’s sensitive data to potential threats.

TOP 200 Most Common Passwords

Ah, and yes, what’s NordPass without our annual TOP 200 Most Common Passwords research? It’s our sixth year in a row—this time, in collaboration with NordStellar—analyzing people’s password habits. And not so shockingly, they are still bad.

We researched passwords from 44 countries that were stolen by malware or exposed in data leaks. Because in most cases they were leaked together with email addresses, we could distinguish corporate from personal credentials by domain name, gaining more insight into both areas.

Digital Anxiety Report

This quarter, we tapped into a new field and released a study on digital anxiety. We wanted to see how many people struggle with it and what’s causing it. The results, and the reasons people gave for their anxiety, are probably ones that most readers will relate to.

Nearly 80% of people have digital anxiety, which mostly comes from the fear of facing cybersecurity issues like account takeover, identity theft, or scams. Mild to moderate anxiety was also reported over excessive ads or lack of internet access. As it turns out, even minor inconveniences online can take a toll on our mental well-being.

Stop reusing passwords

Do you have that one good and faithful password you’ve used since high school? Maybe it’s scaterrrboi!94, which ticks most sites’ requirements for password length and includes a special character and two numbers—why change it? Well, according to our recent survey, it turns out that it’s common to reuse passwords. Learn more about why people still reuse passwords in 2025 and why this habit poses a formidable threat to cybersecurity.
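
The weak patterns called out in the business passwords research above (plain digit sequences, “password,” an email address or a name used as the password) and the reuse problem described in this section are all things a defender can check for at the moment a password is set. The following is an added example written for this post, not NordPass or Nord Security code: a small audit that flags those patterns over a constructed set of credentials. It assumes the plaintext is available only transiently, as it would be in a password-change hook, and that identities are emails or usernames; the four common passwords are the ones the research names, everything else is illustrative.

```python
import re
from collections import defaultdict

# Constructed sample, not real credentials: (identity, password)
SAMPLE_CREDENTIALS = [
    ("anna.smith@example.com", "123456"),
    ("john.doe@example.com", "john.doe@example.com"),
    ("maria@example.com", "Maria2024"),
    ("dev@example.com", "scaterrrboi!94"),
    ("ops@example.com", "scaterrrboi!94"),
    ("cfo@example.com", "xK9#vL2!pQ7@mR4z"),
]

# The entries named in the research; in practice this would be a far larger list.
COMMON_PASSWORDS = {"123456", "123456789", "12345678", "password"}


def is_digit_run(pw):
    """True for all-digit passwords that are a consecutive run (123456, 987654)
    or a single repeated digit (111111)."""
    if not pw.isdigit() or len(pw) < 4:
        return False
    if len(set(pw)) == 1:
        return True
    diffs = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return diffs in ({1}, {-1})


def name_tokens(identity):
    """Split the local part of an email/username into name-like tokens,
    e.g. 'john.doe@example.com' -> {'john', 'doe'}; very short tokens are ignored."""
    local = identity.split("@", 1)[0].lower()
    return {t for t in re.split(r"[._\-+]", local) if len(t) >= 3}


def audit_password(identity, password):
    """Return a list of weakness labels for one credential (empty list = no finding)."""
    findings = []
    low = password.lower()
    if low in COMMON_PASSWORDS:
        findings.append("common-password")
    elif is_digit_run(password):
        findings.append("digit-sequence")
    if low == identity.lower():
        findings.append("email-as-password")
    elif any(tok in low for tok in name_tokens(identity)):
        findings.append("contains-name")
    return findings


def audit_credentials(creds):
    """Audit (identity, password) pairs and additionally flag any password that
    is shared by more than one account, i.e. the reuse pattern."""
    report = {identity: audit_password(identity, pw) for identity, pw in creds}
    owners_by_password = defaultdict(list)
    for identity, pw in creds:
        owners_by_password[pw].append(identity)
    for owners in owners_by_password.values():
        if len(owners) > 1:
            for owner in owners:
                report[owner].append("reused-password")
    return report


if __name__ == "__main__":
    for identity, findings in audit_credentials(SAMPLE_CREDENTIALS).items():
        print(f"{identity}: {', '.join(findings) if findings else 'ok'}")
```

The reuse check here only sees reuse inside one credential set, which is what an organization can observe in its own directory; reuse across unrelated sites, the case the survey describes, is only visible from the user’s side, which is one reason a password manager that generates a unique secret per site closes the gap better than a server-side policy can.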

Ex-hacker: 5 cyber threats that password managers protect against

We seek to spread knowledge about cybersecurity in every possible way, and sometimes, showing the nitty-gritty behind it is just what might be needed. So this spring, we collaborated with Daniel Kelley, a reformed black hat hacker, to understand the 5 main cyberattacks that can be prevented using a password manager. These threats include phishing, credential stuffing, brute-force attacks, keyloggers, and database leaks. By revealing the inner workings of these attacks, Daniel shed light on why relying on a password manager is vital.

2025 EU-SOCTA: the changing DNA of organized crime

The EU-SOCTA documented a serious shift in organized crime: it seeped into the online world, creating new hybrid and wholly virtual threats that require unprecedented strategies to tackle. These threats may be accelerating and becoming more dangerous and destabilizing.

For example, one of the biggest threats posed by serious and organized crime is the destabilization of the EU. Criminal organizations aim to reduce trust in the legal system and government by spreading violence, corruption, and illicit proceeds. They rely on digital innovations like AI to conceal their activities and make tracing crime back to its source harder.

Although the landscape painted by the EU-SOCTA might seem grim, it indicates potential future trends, allowing individuals and businesses alike to prepare for evolving risks. So, we took this opportunity to explain how Nord Security products, including NordPass, can help.

Breaking down SOCTA 2025

Bottom line

And that’s a wrap! This quarter was busy with research and product improvements. Yet one thing is clear: we’re not planning to stop this summer, so we’ll see you again in a few months to review what we’ve been brewing. Stay safe with NordPass!

About NordPass

NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
