Even companies that spend millions on data security still have to deal with an unfortunate reality: Their efforts can be undone by a single mistake. Something as simple as one employee connected to a network clicking on the wrong link can allow hackers to worm their way into a system and potentially cause a massive data breach. As such, it's vital for businesses to make proper employee training a big part of their overall security posture.
Password security is often a big issue because people have a tendency to want to keep their login credentials simple and fall into habits that make their codes very easy to guess, according to new analysis from Keeper Security. For instance, 4 of the 10 most common passwords used by consumers last year were six characters or fewer, which makes them easier to crack, and the most common password used last year was, surprisingly, just "123456." The second-most common was only slightly more complicated: "123456789."
Even those that tried to be a little more complex by mixing letters and numbers were often along similar lines, such as "1q2w3e4r" (ranked 17th-most common), which uses the first four numbers and first four letters on the keyboard, the data showed. And problematically, the 25 most common passwords were collectively used more than 50 percent of the time in the 10 million user login details examined in the study.
Make it part of the strategy
To that end, it's vital for companies to require users to change their passwords on a regular basis, according to eWeek. Further requiring that these passwords must be unique from those used in the past will force users to quickly make their passwords a little more difficult to guess in a brute-force attack, and can go a long way toward improving security. However, it's also vital for businesses to stress that people should use different passwords for every account they have, which is something nearly everyone is guilty of avoiding.
Further, properly training workers about how to spot phishing attempts via email or social network can likewise help to shore up a system's security because it will simply make people more vigilant about how they surf the web on a daily basis, eWeek advised. Further, encouraging – or perhaps even forcing – workers to make sure all the security software on their work devices is a good idea as well.
To that end, it might also be wise for companies to work with a firm that can provide security options via data center services that further help to improve the safety of their IT infrastructure. Something as simple as firewall software and other security options can go a long way for many businesses worried about being hit by malware and viruses. Moreover, it might be wise to craft disaster recovery (DR) plans for when and if something does go wrong.
Set that policy
When putting together those types of plans, decision-makers need to consider many issues that may uniquely alter their companies' risks for being affected by such an attack, according to Enterprise Innovation. Often this relates to the kind of data they need to protect and what they can reasonably do to safeguard it, while also considering other issues like convenience and efficiency. This is especially true in industries with stricter regulatory requirements.
"My task is to figure out how to meet market demands and, at the same time, meet the various compliance requirements," Tony Lee, vice president of IT for the serviced residence giant The Ascott Limited, said at a recent panel, according to the site. "One such example is access security. The challenge is to enable seamless access for our properties that are farthest away from our base, for example, Tier 3 cities in China. I am constantly engaged in deciding on the impact of key service deliverables to guests such as guest WiFi."
While there are a number of industries that can fall into this category, perhaps the most often discussed these days is health care, according to the Financial Express. The sheer volume of data just about any health care provider handles these days – from personally identifying information to medical details and insurance data – makes them a rich target for hackers, and experts say many companies in the field may not do as much as they can to ensure proper data security.
Along similar lines, businesses in the education sector may similarly put students and teachers at risk simply because there is a lot of sensitive information being shared, according to The Hechinger Report. However, despite that risk, many workers in the field – whether it's teachers or office workers – are not given proper training about how to handle it.