According to a Verizon study in 2020, a staggering 81% of IT security breaches are caused by weak passwords.
This post looks at what a security breach looks like and what you can do to recover from one. Even better, we look into the best ways to prevent a security breach in the first place – including switching multiple passwords for a single password manager.
What is a security breach?
There are different ways in which a business’s IT systems can be compromised, some more serious than others.
Some security breaches cause disruption to services and damage to systems, but actual information is not accessed or stolen. Such examples are DDoS attacks (Distributed Denial of Service) and some kinds of malware infections. While this can be disruptive and costly to a business, it is usually less damaging than a so-called ‘data breach’.
A data breach is where a hacker (or opportunist) accesses and/or steals information within a device, system, or network. It can lead to sensitive data such as payment card details, passport information or medical notes being stolen. These may be sold on the ‘dark web’ and further used for fraud or identity theft. Sensitive information can also be used to blackmail a business, or its customers, as seen with ransomware attacks.
Some of the ways in which individuals or groups carry out a security breach include exploiting vulnerabilities in software.
However, the use of weak passwords is by far the biggest culprit in security breaches.
Breach recovery and prevention
If your company does suffer a data breach, you may have to report it to the Information Commissioner’s Office (2). Whether you must report depends on whether the information is classed as personal data, and on whether the loss of that data is likely to harm the person’s rights and freedoms (including causing distress).
The report must be made within 72 hours of you first becoming aware of the data breach. It should include details such as:
- The severity of the breach
- The type of breach (e.g. malware, phishing, exploit, device theft, etc.)
- The sensitivity of the information accessed
- How easy it would be to identify a person from the data
- The possible consequences of the breach
- Whether there are special characteristics regarding any of the individuals affected. For example, if the breach involves data relating to children, vulnerable adults or people with protected identities.
You would need to give the ICO the contact details for your data protection officer, and explain how you intend to deal with the breach. There are forms on the ICO website to help you with this.
If a person’s rights or freedoms are at risk, you also have a duty to inform that person ‘directly and without undue delay’.
Preventing a Security Breach
Of course, preventing a security breach in the first place is the ideal solution. Some positive action steps you could take include:
- Consider using a password manager (see next section).
- Set up or improve cybersecurity training. This includes training on phishing and password hygiene, as these are the most common ways in which IT is breached.
- Audit and upgrade any outdated software (e.g. Windows operating systems) to minimise the risk of exploits.
- Enforce a strict mobile device policy to keep home and work activities separate.
- Keep multiple backups, including at least one off-site backup, to protect data from being lost in a local incident.
- Invest in a powerful cybersecurity system designed for your corporate IT networks.
- Set up or refresh a disaster recovery policy so that all employees know exactly what to do in the event of a breach.
LastPass: overcoming the password dilemma
Why do we use weak passwords?
Why do some employees use weak passwords despite all the information out there to make them as strong as possible?
Sometimes it is a lack of awareness of password hygiene, but there is another common reason. Employees often have multiple passwords needed to access various systems throughout the day. They may also need to change those passwords every so often in line with company policy.
Since they are aware that writing passwords down is a security risk, they opt for a password or set of passwords they know they will remember. This goes against the recommended measures that include using a mixture of uppercase and lowercase letters, numbers and symbols.
The Password Manager Solution
One popular solution to this dilemma between security and convenience is a business password manager such as LastPass.
LastPass acts as a secure vault. Inside it, all of your employees’ system logins, protected documents and other sensitive credentials can be locked. When the employee needs to access any system, they simply log in to LastPass and the software does the rest.
As the name suggests, the LastPass master password is designed to be the last password an employee will need to remember. Therefore, they can and should make it as strong as possible.
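To show what the ‘mixture of uppercase and lowercase letters, numbers and symbols’ recommendation looks like in practice, and why a manager-generated password beats a memorable one, here is an added Python example. It is not LastPass code and has nothing to do with how LastPass works internally; the policy rules (12-character minimum, one character from each class) and the symbol set are assumptions chosen for illustration. It uses Python’s `secrets` module, which draws from the operating system’s cryptographic random number generator, and reports the entropy of a generated password in bits.

```python
import math
import secrets
import string

# The four character classes behind the usual "mixture" advice.
UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?"   # assumed symbol set for this example
ALPHABET = UPPER + LOWER + DIGITS + SYMBOLS


def check_mixture(password: str, min_length: int = 12) -> list[str]:
    """Return the list of policy rules the password fails (empty list = passes).

    The 12-character minimum is an assumed policy value, not a LastPass setting.
    """
    failures = []
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    if not any(c in UPPER for c in password):
        failures.append("no uppercase letter")
    if not any(c in LOWER for c in password):
        failures.append("no lowercase letter")
    if not any(c in DIGITS for c in password):
        failures.append("no digit")
    if not any(c in SYMBOLS for c in password):
        failures.append("no symbol")
    return failures


def generate_password(length: int = 20) -> str:
    """Generate a random password that satisfies check_mixture().

    secrets.choice() uses the OS CSPRNG, so every character is independent and
    uniformly chosen; the loop simply rejects the rare draw missing a class.
    """
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_mixture(candidate, min_length=length):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).

    This only holds for random passwords; a dictionary word plus a year and a
    symbol passes check_mixture() but has far less entropy than this formula gives.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # A human-chosen password that fails several rules.
    print("password ->", check_mixture("password"))
    # A manager-style generated password and its entropy.
    pw = generate_password(20)
    print(pw, "->", check_mixture(pw), f"{entropy_bits(len(pw)):.1f} bits")
```

Run with `python3 passwords.py`. A 20-character password drawn from the 87-character alphabet above carries roughly 129 bits of entropy, far beyond what any memorable scheme provides; the point of a password manager is that nobody has to remember such a string, only the single master password.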
IT Support for your Data Security
No Problem Technologies is here to help you with all your IT security needs.
We can assess your current security measures with regard to where your data is stored, how it is protected and how it is backed up. We can then set up a process to minimise security breaches and ensure all your data is kept as secure and protected as possible.
To find out more about the services that we offer, get in touch today.