Cybersecurity has been making headlines due to a number of significant data breaches. Yahoo, Target, and Equifax are just some of the biggest successful hacks to gain attention. Most data breaches are the result of human or process errors. The top five causes are:
- Lost or stolen paperwork
- Posting or sending data to the wrong individual
- Emailing data to the wrong individual
- Insecure website (i.e. hacking)
- Lost or stolen unencrypted device
How Hackers Obtain Passwords
By now, most businesses know their employees need to use strong passwords including a mix of uppercase letters, lowercase letters, numbers, and symbols. Some even go so far as to implement a rule requiring employees to change their password every few months. However, even the strongest of passwords are vulnerable in traditional practices.
Adding a layer of difficulty to password strength is an employee’s propensity to reuse it. An employee may believe he or she has a strong password and thus reuses it with simple alterations. This is a problem if a hacker learns the basic password. The cybercriminal can brute force their way into several applications by adding 1s, !s, and other common password variations. To help employees manage their passwords, some companies are utilizing password storage software that encrypts the passwords while giving access to the employee.
Two factor or multi-factor authentication (2FA/MFA) can help cut down on hacker success since they rely on two or more separate methods of confirming an individual’s identity. The most common methods are inputting a password in combination with a code texted or emailed to a separate account. Some companies go so far as to implement biometrics (i.e. fingerprint logins) or single sign on (SSO) systems. SSO systems allow a user to login to several applications with a single login. This makes tracking unusual activity simple and allows companies to monitor accounts better.
Employee education is the best first line of defense against data breaches. Many employees are unaware that their password is weak or that their login is vulnerable. After bringing employees up to speed on modern cybersecurity, businesses need to invest in quality cybersecurity personnel and insurance. The specialists can help keep the hackers out while the insurance can help manage the aftermath should a breach occur. To learn more about protecting your business from cyber risk, contact the experts at The Reilly Company.