How to Prevent Data Breaches – The Easiest and Least Expensive Way
DAVE KINSEY, PRESIDENT – TOTAL NETWORKS
STEPHANIE KINSEY, CEO/CFO – TOTAL NETWORKS
Chris Correa, a former scouting executive of the St. Louis Cardinals Major League Baseball team, was sentenced in July to 46 months in prison and hefty fines for hacking into the Houston Astros' protected computer. How did a rookie cybercriminal access the competitor's scouting records? Weak password practices.
Just like many other data breaches, this unauthorized access to proprietary files and emails was possible due to weak security precautions. Correa was able to decipher the password for the Astros easily because it was very similar to the password the victim used when he previously worked for the Cardinals. Using consumer software, he gained access to the password the victim used on his Cardinals laptop when it was handed over to Correa upon the victim's termination with the Cardinals. From this first breach, Correa was able to determine login credentials for two other Astros employees.
Data Breaches Continue
Unfortunately, stories of data breaches continue. While not always the case, the breaches are often enabled by poor security policies. There is not one solution that will prevent all hacks, but perhaps one of the simplest and least expensive ways to start is to pick hard-to-hack passwords. Quite frankly, the entire strength of your IT infrastructure's security relies on a single password.
Even if your password is not guessed by a former employer, passwords can be guessed by brute force (automated guessing). Passwords can be obtained from a compromised site, from phishing emails
Why is this so important? Hackers try to access your important data, searching for proprietary intellectual data or personal identification numbers, including Social Security numbers, driver's license numbers, and birthdays. This information is valuable to criminals. Once someone gets that information, getting into your bank account or stealing your identity becomes much easier. Cracking your password gives cyber thieves easy access to the goods.
In order to understand what makes a
strong password, it’s important to first
understand what makes a poor password.
Passwords Should Not Be:
• Simple patterns on your keyboard – including “qwertyuiop,” which is the top row of letters on a standard keyboard, or “1qaz2wsx”.
• Favorite sports
• Birthdays or birth years
• Social security numbers
• Baby names
• Swear words
• Car brands
• Written on a sticky note
Good Password Practices:
• Create long passwords from a mix of different characters, symbols and numbers. Or use a random phrase like, “Alpine skiing is fantastic.” The longer the password the better.
• Do not share passwords
• Never use your business account password on a public site
• Change passwords regularly
• And finally, resist the urge to use the same password for all of your
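The checks in the two lists above, written as a screening function. This is an added example, not code from the article or from Total Networks; the 12-character minimum, the 0.5 and 0.7 thresholds and the small word list are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Keyboard rows and slanted columns; walks such as "1qaz2wsx" follow the columns.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
LINES = ROWS + COLS + [line[::-1] for line in ROWS + COLS]
# Constructed sample list standing in for sports, baby names and car brands.
COMMON_WORDS = {"football", "baseball", "olivia", "toyota", "chevrolet"}
# Assumed thresholds; the article gives no numbers.
MIN_LENGTH, WALK_LIMIT, SIMILARITY_LIMIT = 12, 0.5, 0.7
BIRTH_RE = re.compile(r"(?<!\d)(?:(?:19|20)\d{2}|\d{1,2}[/-]\d{1,2}[/-]\d{2,4})(?!\d)")
SSN_RE = re.compile(r"(?<!\d)\d{3}-?\d{2}-?\d{4}(?!\d)")


def walk_fraction(pw):
    """Fraction of characters that lie inside a keyboard run of four or more keys."""
    s = pw.lower()
    covered = [False] * len(s)
    for i in range(len(s) - 3):
        if any(s[i:i + 4] in line for line in LINES):
            covered[i:i + 4] = [True] * 4
    return sum(covered) / len(s) if s else 0.0


def screen_password(pw, previous=()):
    """Return the reasons a candidate password is weak; an empty list means it passes."""
    reasons = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if walk_fraction(pw) >= WALK_LIMIT:
        reasons.append("keyboard pattern")
    if BIRTH_RE.search(pw):
        reasons.append("birthday or birth year")
    if SSN_RE.search(pw):
        reasons.append("looks like a social security number")
    if any(word in low for word in COMMON_WORDS):
        reasons.append("common word")
    # Near-duplicates of an earlier password (a changed digit or suffix) count as reuse.
    if any(SequenceMatcher(None, low, old.lower()).ratio() >= SIMILARITY_LIMIT
           for old in previous):
        reasons.append("too similar to an earlier password")
    return reasons
```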
Use a Password Manager
Security will always be at odds with convenience. Passwords that are easy for you to remember can be easy for someone else to crack. If remembering different passwords proves difficult, try a password manager like LastPass, Dashlane, or RoboForm. Be sure to use 2-factor authentication to access your vault and properly configure your password manager with logout timeout policies.
Once you have strong password management down pat, you should review the other essential security precautions: multi-factor authentication, a commercial-grade network security appliance and subscriptions, malware protection, email filtering, patch management, and educating your staff.
How Many Hacking Attempts on Your System?
If you need more motivation to keep
your passwords large and in charge, regularly review your system reports to see
how many attempts were made to hack
into your servers – it is sobering.
A little password inconvenience on the front end can save you major security breaches on the back end.
Contact us at 602-412-5025 to answer specific questions or if
you are a legal expert in this area and are willing to share your
thoughts. As a non-lawyer member of the technology committee
of the State Bar of Arizona, and as a member of the Phoenix
legal community, Dave routinely collaborates with lawyer
experts for CLEs, and welcomes all overtures for collaboration.