I don’t know about you, but whenever I visit a new website and it requires me to create a profile with a password, I groan.
We hate passwords. We hate creating them. We hate remembering them. The most common passwords like password, 123456 or qwerty are proof of this.
This summer gave us a high-profile example of just how common it is to use simple passwords for multiple logins.
Hackers got into Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts. From the 2012 breach of LinkedIn, they determined Zuckerberg’s LinkedIn password was dadada. They tried it for his other profiles, and it worked.
Zuckerberg is as guilty as the rest of us who make the most basic security mistake: using an easy-to-guess password on multiple websites.
Symantec, in its 2016 Internet Security Threat Report, said small businesses were the targets of 43 percent of cyber attacks in 2015. (In 2011, small businesses were the targets of only 18 percent of attacks.)
Cyber attacks and data breaches are not just for large corporations. Hackers do not discriminate between a large and small business. They are after personal information they can profit from. If you have such information, and you do, you are at risk.
Data security is critical to your agency operations. Why? Because a $1,000-$100,000 fine per incident can put you out of business.
There’s a lot that goes into keeping your agency secure from a breach. The first thing you should do? Start using better passwords.
“A tree that does not bend with the wind will be broken by the wind.” ~ Chinese proverb
What a Strong Password Looks Like
The first line of defense against a potential breach is the password you use. But, our passwords aren’t strong enough. Ninety percent of employee passwords are crackable within six hours.
Which password do you think is stronger? Ilov3you! or Ilov3kale!
It would take a computer four weeks to crack the former. It would take a computer six years to crack the latter.
Why the difference when they seem almost the same? I love you is a common phrase, whereas I love kale is not.
“Include upper and lowercase letters and at least one number” is common advice when creating a strong password. But, it’s not enough.
These days passwords that are at least 12 characters long and include a special character are stronger.
Here are some tips to help you create a strong password:
• Use a minimum of 12 characters and include all the characters allowed, e.g., upper and lowercase letters, numbers and special characters.
• Avoid common patterns. Making the first letter of your password uppercase and putting the numbers at the end is easy to crack.
• Don’t use obvious substitutions. In my above example, replacing the letter e in love with the number three is an obvious substitution. Other examples of obvious substitutions: waterc0l0r, ye@rbook, a1rplane.
• Use random words that don’t logically go together. For example, black dog is a common phrase that computer programs can instantly guess. Even using bLackdog1 isn’t that great (crackable in four days).
But, dog storms sincerely is a much stronger password. Why? These three random words don’t make sense together and aren’t grammatically correct. It would take a computer 23 million years to crack it, even without other characters.
• Or, use a phrase instead of words if that’s easier for you to remember. For example, “My first car was a 1995 Dodge Neon. It was white.” Use the first letter of each word and all the numbers. The passphrase would be Mfcwa1995DN.Iww. Three trillion years to crack by the way.
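The tips above can be turned into a simple automated check. The following is an added example, not part of the original article: it audits a candidate password for three of the tips (minimum length, the capital-first and digits-last pattern, and obvious substitutions that hide a common word). The wordlist, the substitution table and the function name `audit` are assumptions made for the illustration.

```python
import re

# Constructed mini wordlist; a real audit would load a large list of
# common and breached passwords instead.
COMMON = {"password", "qwerty", "123456", "iloveyou", "blackdog",
          "watercolor", "yearbook", "airplane"}

# Obvious character swaps to undo before the wordlist lookup.
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "@": "a", "$": "s"})

MIN_LENGTH = 12


def audit(password):
    """Return the list of tips that a candidate password breaks."""
    findings = []

    if len(password) < MIN_LENGTH:
        findings.append("too short")

    # One capital up front, digits bunched at the end, optional symbols after.
    if re.fullmatch(r"[A-Z][a-z]+\d+[^A-Za-z0-9]*", password):
        findings.append("capital-first, digits-last pattern")

    # Compare both the raw and the de-substituted form against the wordlist,
    # ignoring case, spaces and punctuation.
    lowered = password.lower()
    forms = {re.sub(r"[^a-z0-9]", "", f)
             for f in (lowered, lowered.translate(UNLEET))}
    hits = sorted(w for w in COMMON if any(w in f for f in forms))
    if hits:
        findings.append("common word behind substitutions: " + ", ".join(hits))

    return findings


if __name__ == "__main__":
    # Passwords quoted in the article, plus one constructed sample (Summer2016!).
    for pw in ["Ilov3you!", "bLackdog1", "waterc0l0r", "Summer2016!",
               "dog storms sincerely", "Mfcwa1995DN.Iww"]:
        print(f"{pw!r}: {audit(pw) or 'no findings'}")
```

An empty result only means none of these three checks fired; it is not a measure of how long the password would take to crack.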
Wondering how long it would take to crack your password? Find out with this website.
Unique is Important, Too
But, it’s not just about using a strong password on your insurance agency software and hardware. Using a unique password for each login is also critical.
A strong password does you no good if you are using it for every login you have.
According to LastPass, it’s not that we don’t know there is a risk to reusing our passwords. We do. But, 61 percent of us are doing it anyway.
How to Remember Your Passwords
The main reason we continue to reuse our passwords even though we know we shouldn’t? So we can remember them.
Most of us don’t change our password for security reasons. We change it because we forgot it, according to LastPass.
There are a few ways you can remember your passwords.
• Create a strong password base using the tips above. Then, add something unique to the website or system like name or color. For example, dog#Storms77rater for your comparative rating system. Or, iLove@skyblue95Kale for Twitter or iLove@red95Kale for Pinterest.
• Make a tip sheet, if you must write them down. Use clues to help you remember instead of the actual password. Whatever you do, don’t name the file passwords. And, don’t put them on a post-it on your monitor.
• Use a password manager. There are several options. Here’s a short list to get you started: LastPass, 1Password, Dashlane and KeePass. Find one that works for you.
A Password Policy
It doesn’t stop with you. Your security is only as strong as your weakest link.
Educate your employees on the importance of using strong and unique passwords. Stress how important it is to keeping client data safe. Then, put policies in place around password characteristics and updates to improve their security.
For example, require your employees to log into their computer with a strong, unique password. Then, force them to change that password every 90 days.
Set a policy that employees need to lock their computers when not sitting at their desks. You can also force a screen saver lock when a computer is idle for a certain period.
Strong, unique passwords are an important first step in keeping your data safe. But, you need to do more than that. Educate yourself on cyber security. Assess your risk, and create a security plan. Educate and train your employees on your plan.
The Modern Agency monthly blog series discusses various topics related to the success and growth of independent insurance agencies in the modern market.