Cyber security breaches pose huge risks to businesses. Client data can be compromised and competitive positions undermined when sensitive information falls into the wrong hands.
The EU is currently considering sanctions against businesses that don’t take reasonable steps to protect consumer data or fail to promptly report data breaches. Fines of up to 2% of business turnover could be imposed if the proposed legislation takes effect. This means that there is an immediate need for businesses to take ownership of the security of their data and to consider the strategies for doing so now.
Verizon conducted a study on successful hacking attempts that occurred in 2012, finding that 90% of successful breaches were due to the use of weak or default passwords. In this article, Kingston Smith Consulting LLP technology risk partner Mark Child outlined six strategies for strengthening online password security. These strategies include frequent password changes, keeping site passwords separated, being careful about publicly shared information on social media pages, checking site verification, using effective password storage techniques and opting for insurance against cybercrime.
These are all excellent strategies to strengthen online security. However, our recent survey highlighted a disconnect between the cyber security threat level people perceive and the steps they are willing to take to strengthen security. This disconnect poses a grave risk to businesses in 2013 and beyond, and unless companies take proactive measures to ensure that employees strengthen their online security, many firms are likely to pay the price in the form of costly data breaches or even legal liability for compromised customer information.
One way to approach this problem is to educate employees on ways they can strengthen online passwords. By teaching employees new methods to make passwords easy to remember but hard to guess, companies can improve the odds of employee compliance.
Another measure companies might consider is creating new policies that mandate frequent password changes as well as the use of upper and lowercase letters and numbers in all business passwords. Such a policy directly addresses a frequent security weakness.
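The policy above (mixed-case letters and numbers, plus rejecting the weak or default passwords the Verizon figures point at, plus a change history so "frequent changes" do not just cycle through old passwords) can be enforced at the point where a password is set. The following is an added illustration written for this page, not code from the article or from Siber Systems; the 12-character minimum, the PBKDF2 work factor and the short denylist are constructed assumptions, since the article states none of them.

```python
import hashlib
import hmac
import secrets

MIN_LENGTH = 12               # assumption: the article does not state a minimum length
PBKDF2_ITERATIONS = 100_000   # assumption: work factor for stored password history hashes

# Constructed denylist of well-known weak/default passwords; a real deployment
# would use a far larger breached-password list.
COMMON_DEFAULTS = {"password", "password1", "123456", "admin", "welcome", "letmein", "qwerty"}


def check_password_policy(password: str) -> list:
    """Return the policy rules the password breaks; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if password.lower() in COMMON_DEFAULTS:
        problems.append("is a common default password")
    return problems


def hash_password(password: str, salt: bytes = None) -> str:
    """Salted PBKDF2-HMAC-SHA256 hash, stored as 'salt_hex$digest_hex'."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def matches_hash(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$", 1)
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def is_reused(password: str, previous_hashes) -> bool:
    """True if the candidate equals any password in the user's change history."""
    return any(matches_hash(password, h) for h in previous_hashes)


def validate_new_password(password: str, previous_hashes) -> list:
    """Combine the complexity rules with the history check; empty list means accept."""
    problems = check_password_policy(password)
    if is_reused(password, previous_hashes):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    history = [hash_password("Summer2013Pass")]   # constructed previous password
    print(validate_new_password("password", history))
    print(validate_new_password("Summer2013Pass", history))
    print(validate_new_password("Winter2014Pass", history))
```

The history is kept as salted hashes rather than plaintext so that a leaked password-history table does not hand over every password a user has ever chosen; the denylist check is what actually addresses the "weak or default" finding, since mixed case and a digit alone still admit entries like "Password1".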
While it is mainly consumer websites that are introducing 2-step authentication to protect users, this method of password security may move into the business world in the future. This involves a second password being sent to a pre-agreed phone number. However, our research shows that staff could find this burdensome, with one in five people surveyed saying they do not have time to go through the process.
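The second step described above, a one-time code sent to a pre-agreed phone number, has a server side that is easy to get wrong: the code must expire, must be accepted once only, must survive only a few wrong guesses, and should never be stored or logged in clear. The following is an added example written for this page, not code from the article or from any vendor; the six-digit length, five-minute lifetime, three-attempt limit and the `deliver_sms` stand-in for an SMS gateway are all assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional, Tuple

CODE_DIGITS = 6          # assumption: six-digit code
CODE_TTL_SECONDS = 300   # assumption: code is valid for five minutes
MAX_ATTEMPTS = 3         # assumption: challenge is locked after three wrong guesses


@dataclass
class Challenge:
    phone_number: str
    code_hash: bytes       # only a salted hash of the code is stored server-side
    salt: bytes
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS
    used: bool = False


def _hash_code(code: str, salt: bytes) -> bytes:
    # The hash keeps the plaintext code out of the database and logs; a six-digit
    # space is small, so expiry and the attempt limit are the real protection.
    return hashlib.sha256(salt + code.encode()).digest()


def issue_challenge(phone_number: str, now: Optional[float] = None) -> Tuple[Challenge, str]:
    """Create a fresh challenge; returns the record to store and the code to deliver."""
    now = time.time() if now is None else now
    code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
    salt = secrets.token_bytes(16)
    challenge = Challenge(phone_number, _hash_code(code, salt), salt, now + CODE_TTL_SECONDS)
    return challenge, code


def deliver_sms(phone_number: str, code: str) -> str:
    """Placeholder for the SMS gateway call (assumption); returns the message text."""
    return f"To {phone_number}: your sign-in code is {code}"


def verify_code(challenge: Challenge, submitted: str, now: Optional[float] = None) -> bool:
    """Accept the code at most once, within its lifetime, and within the attempt budget."""
    now = time.time() if now is None else now
    if challenge.used or challenge.attempts_left <= 0 or now > challenge.expires_at:
        return False
    challenge.attempts_left -= 1
    ok = hmac.compare_digest(_hash_code(submitted, challenge.salt), challenge.code_hash)
    if ok:
        challenge.used = True
    return ok


if __name__ == "__main__":
    challenge, code = issue_challenge("+44 7700 900000")   # constructed number
    print(deliver_sms(challenge.phone_number, code))
    print("wrong guess accepted:", verify_code(challenge, "000000" if code != "000000" else "111111"))
    print("right code accepted:", verify_code(challenge, code))
    print("replay accepted:", verify_code(challenge, code))
```

The attempt counter is decremented before the comparison so that a wrong guess always costs one attempt, and `hmac.compare_digest` is used rather than `==` so that verification time does not depend on how many leading digits matched.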
No matter how they choose to do it, IT security professionals charged with protecting sensitive enterprise data should proactively address vulnerabilities. The risks are likely to grow in 2013 and beyond.
Bill Carey is VP of Marketing and Business Development at Siber Systems