What is the Cost of a Password?
Studies indicate that a breach in data security can cost between $100 and $300 for each record that is breached or lost. Part of the cost includes legal fees, lost productivity from the workforce, regulatory fines, and call-center costs. However, the cost to the reputation of the company in the eyes of customers is almost immeasurable. Typically, the breach of data in most businesses is a result of a poorly secured password.
For most businesses that need to handle confidential customer data, the odds of becoming a victim of a data breach have risen significantly in the last few years. As the potential consequences and risks to the company become greater, many business managers realize that a breach is not a question of “if it would happen” but “when it would happen.”
The Cause of the Breach
Studies indicate that malicious attacks make up the largest portion of security breaches at 37%. Additionally, network glitches are shown to account for nearly 24% of all network breaches. However, the lion's share of the problem belongs to negligent insiders, or employees who simply are not taking enough precautions to guarantee the protection of pertinent confidential information.
Without clear security operating policies in place, protocols and safeguards can become quite lenient. With lax policies, negligent employees are a recipe for disaster. Lax policies allow circumstances to arise that include compromised data, data loss, stolen/lost storage devices, misdirected emails, undeleted files, unencrypted data, and compromised passwords.
However, not all the blame can be placed on the shoulders of the IT department, or the employees using bad policies. If the company does not budget enough resources to provide for critical employee training, then the results will be impaired security and an unsafe network environment. Every employee that utilizes the network must be thoroughly educated on the ins and outs of data security, and how their role influences security within the company.
Reducing Costs through Encryption
Once again the responsibility to adopt stronger, more stringent safeguard measures starts at the top. As cyber attackers learn to be more resourceful using proven tactics and methods to obtain sensitive company information and personal data, it becomes more imperative to utilize encryption technology. Even with the best encryption technology, it is true that hackers might still have the ability to penetrate the office network security layers through malware, phishing expeditions, and jumping over firewalls. However, when reaching the data itself, the hacker will quickly find that the encrypted files have little or no value to them.
Better Password Protocols
Once the company incorporates high-level encryption technology, and utilizes it at every level of its network, it is time to develop better password protocols. The IT department can set strict guidelines that only accept the best passwords and passphrases. The training involved at the employee level will teach every member of the workforce exactly how to generate the best passwords. The protocols might include:
- Full Use of the Keyboard – Employees should be taught to take full advantage of the entire keyboard. This means using upper and lower case letters, numbers, and symbols when creating passwords.
- Between 8 and 16 Characters – Unique combinations that are too short are easy for an online hacker to guess. Combinations that are too long are usually too challenging for the authorized user to remember. Building passwords between eight and sixteen characters appears to be the right length.
- Do Not Be Obvious – Employees should be instructed to never use names, places, numbers, phone numbers, special dates or popular phrases. The less obvious a password is, the more challenging it will be to decipher.
- Changing Passwords Frequently – Company policy should mandate that all passwords be changed on a routine basis – every 30 days, 60 days or 90 days (based on the sensitivity of the password). Typically, companies that protect high-level information should change their passwords even more often.
- One Password, One Account – Anytime a hacker gains access into an account by deciphering one password, they use it on every account. Encourage your employees to never use an identical password for two or more accounts.
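The five rules above can be enforced mechanically when a password is set or changed. The following Python checker is an added example, not code from the original article; the tier names, the small word list, the four-digit-run heuristic standing in for dates and phone numbers, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from datetime import date

# Rotation intervals from the article; the tier names are assumptions.
ROTATION_DAYS = {"high": 30, "medium": 60, "low": 90}
# Constructed sample of popular phrases; a deployment would load a larger list.
OBVIOUS = {"password", "letmein", "qwerty", "welcome"}

def verifier(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 verifier, so other accounts' passwords are never held in plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(candidate, personal_terms, other_accounts):
    """Return the names of the article's rules that `candidate` violates.

    personal_terms: names, places, etc. tied to the user (assumed input).
    other_accounts: (salt, verifier) pairs for the user's other accounts.
    """
    problems = []
    # Full use of the keyboard: lower case, upper case, numbers, symbols.
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, candidate) for c in classes):
        problems.append("full-keyboard")
    # Between 8 and 16 characters.
    if not 8 <= len(candidate) <= 16:
        problems.append("length")
    # Do not be obvious: known terms, or a long digit run (heuristic for dates/phones).
    lowered = candidate.lower()
    terms = OBVIOUS | {t.lower() for t in personal_terms if t}
    if any(t in lowered for t in terms) or re.search(r"\d{4,}", candidate):
        problems.append("obvious")
    # One password, one account: compare against each stored verifier in constant time.
    for salt, stored in other_accounts:
        if hmac.compare_digest(verifier(candidate, salt), stored):
            problems.append("reused")
            break
    return problems

def rotation_due(last_changed: date, tier: str, today: date) -> bool:
    """Changing passwords frequently: True once the tier's interval has elapsed."""
    return (today - last_changed).days >= ROTATION_DAYS[tier]
```

An empty list from `check_password` means the candidate passes all four creation-time rules; `rotation_due` covers the fifth rule separately because it depends on the password's age, not its content.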
The cost of a breached network can bring down a company. It has been found that 60% of small businesses will never recover from a security breach. Because of that, it is imperative to train every employee in the workplace how to safeguard a well-generated password. By utilizing the best encryption technology, and providing proper training to employees, companies can heighten the security level of their network servers and maintain control over their valuable proprietary information.