The True Cost of a Password
Studies indicate that a breach in data security can cost between $100 and $300 for each record that is breached or lost. Part of the cost includes legal fees, lost productivity from the workforce, regulatory fines, and call-center costs. However, the cost to the reputation of the company in the eyes of customers is almost immeasurable. The worst part about all of this is that typically, the breach of data in most businesses is a result of a poorly secured password. In other words, the breach is preventable.
The odds of becoming a victim of a data breach have risen significantly in the last few years. As the potential consequences and risks to the company become greater, many business managers realize that a breach is not “if it could happen” but “when it could happen.”
The Cause of the Breach
Malicious attacks account for the largest portion of security breaches at 37%. Additionally, network glitches are shown to account for nearly 24% of all network breaches. However, the lion's share of the problem belongs to negligent insiders, or employees who simply are not taking enough precautions to guarantee the protection of pertinent confidential information.
Without clear security operating policies in place, protocols and safeguards can become quite lenient. This allows circumstances to arise that include compromising data, data loss, stolen/lost storage devices and/or laptops, misdirected emails, undeleted files, unencrypted data, and compromised passwords.
However, not all the blame can be placed on the shoulders of the IT department, or the employees using bad policies. If the company does not budget enough resources to provide for critical employee training, then the results will be worse. Every employee that utilizes the network must be thoroughly educated on the ins and outs of data security, and how their role influences security within the company.
Reducing Costs through Encryption
The responsibility to adopt stronger, more stringent safeguard measures starts at the top. As cyber attackers learn to be more resourceful using proven tactics and methods to obtain sensitive company information and personal data, it becomes more imperative to utilize encryption technology. Even with the best encryption technology, it is true that hackers might still have the ability to penetrate the office network security layers through malware, phishing expeditions, and jumping over firewalls. However, when reaching the data itself, the hacker will quickly find that the encrypted files have little or no value to them.
Better Password Protocols
Once the company incorporates high-level encryption technology, and utilizes it at every level of its network, it is time to develop better password protocols. The IT department can set strict guidelines that only accept the best password practices. The training involved at the employee level will teach every member of the workforce exactly how to generate the best passwords. The protocols might include:
- Full Use of the Keyboard – Employees should be taught to take full advantage of the entire keyboard. This means using upper and lower case letters, numbers, and symbols when creating passwords or phrases.
- Between 8 and 15 Characters – Unique combinations that are too short are easy for an online hacker to guess. Combinations that are too long are usually too challenging for the authorized user to remember. Building passwords between eight and 15 characters appears to be the right length.
- Do Not Be Obvious – Employees should be instructed to never use names, places, numbers, phone numbers, special dates or popular phrases. The less obvious a password is, the more challenging it will be to decipher.
- Changing Passwords Frequently – Company policy should mandate that all passwords be changed on a routine basis – every 30 days, 60 days or 90 days.
- One Password, One Account – Anytime a hacker gains access into an account by deciphering one password, they use it on every account. Never use an identical password for two or more accounts.
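The five rules above can be enforced at password-change time instead of being left to training alone. The following is an added example, not part of the original article: the function names, the small word list, the four-digit-run heuristic for dates and phone numbers, the 90-day interval (the longest of the three mentioned) and the use of salted PBKDF2 records for the reuse check are all assumptions made for illustration.

```python
import hashlib, hmac, os, re
from datetime import date

MIN_LEN, MAX_LEN = 8, 15      # length range given in the list above
MAX_AGE_DAYS = 90             # longest rotation interval the list mentions
# Constructed sample of obvious words; a real deployment would load a far larger list.
OBVIOUS_WORDS = {"password", "welcome", "letmein", "qwerty", "summer"}
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def hash_password(password, salt=None):
    """Salted PBKDF2 record, so reuse can be checked without keeping plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def is_reused(candidate, stored_records):
    """True if the candidate matches any (salt, digest) record of the user's other accounts."""
    return any(
        hmac.compare_digest(hash_password(candidate, salt)[1], digest)
        for salt, digest in stored_records
    )

def check_password(candidate, personal_terms=(), stored_records=()):
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append("length")
    if not all(re.search(c, candidate) for c in CHAR_CLASSES):
        problems.append("character classes")
    lowered = candidate.lower()
    # Personal terms (names, places) are supplied per user; very short ones are ignored.
    terms = OBVIOUS_WORDS | {t.lower() for t in personal_terms if len(t) >= 3}
    if any(t in lowered for t in terms) or re.search(r"\d{4,}", candidate):
        problems.append("obvious")    # names, common words, date- or phone-like digit runs
    if is_reused(candidate, stored_records):
        problems.append("reused")
    return problems

def rotation_due(last_changed, today, max_age_days=MAX_AGE_DAYS):
    """True once the password is at least max_age_days old."""
    return (today - last_changed).days >= max_age_days
```

A candidate such as "Summer2024!" satisfies the length and keyboard rules yet is still rejected as obvious, which is the gap that the third rule is meant to close.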
The cost of a breached network can bring down a company. Because of that, it is imperative to train every employee in the workplace how to safeguard a well-generated password. By utilizing the best encryption technology, and providing proper training to employees, companies can heighten the security level of their network servers and maintain control over their valuable confidential information.