As yet another account creation screen prompts you for a username and password, you default to your standard password to save time and get back to your real work. It is a simple one that you know you’ll remember, and that you’ve used for countless other logins.
But hidden somewhere behind the wires, routers, and cloudless computing, someone has been counting on your predictable password habits. And just like that, your credit and debit card numbers, social security number, and other sensitive information are now in the hands of a stranger, and potentially being sold to the highest bidder.
So, in honor of World Password Day, a day to build awareness of the increasing need for strong password habits to protect individuals and companies from cyber-attacks, we’ve put together a list of password policies and best practices that every business should implement.
Password Policies and Best Practices
Minimum Password Length Policy: Require passwords to be a minimum of ten characters. By using more characters, the possible password combinations increase dramatically. The more possible combinations that exist, the harder it is for someone to discover your password.
Minimum Password Complexity Policy: Require passwords to contain at least one number, capital letter, and special character. Using this variety of characters is another method to make it more difficult to hack a password since it increases the number of possible combinations even further.
Maximum Password Age Policy: Set a period of time after which passwords expire and must be reset. Like many things in this world, passwords have an expiration date, after which it's time to get rid of them. Regularly updating your password gives you a fresh start and rejuvenates the health of your cyber-security. One easy way to do this is to add a recurring reminder in your calendar to update your password.
Minimum Password Age Policy: Set a period of time before a previously used password can be used again. This precaution further enforces password diversity to make it harder to hack your password.
Password History Policy: Require a number of unique new passwords associated with a user account before the user can reuse an old password. Recycling the same password back to back can leave you more vulnerable than you realize. Using new passwords in between previously used passwords gives you an added layer of security.
Password Lockout Policy: Disable a user account if an incorrect password is entered too many times over a specified period. This is a no-brainer. Limiting the number of password entries before locking an account is a natural deterrent to getting hacked.
Password Audit Policy: Track all password changes to quickly identify potential security issues and ensure user accountability. Having transparency into users' password changes will allow you to make sure policies are being followed and your overall cyber-security is in good standing.
These password policies and best practices will help secure you and your company from the hackers who are constantly looking for a way into your computer systems.
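To show how the length, complexity, history, and lockout policies above translate into checks a system can enforce, here is an added example (not code from this article or from any product it mentions). The ten-character minimum and the number, capital letter, and special character rule come from the list above; the history depth, failure threshold, lockout window, and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, os, re, time
from collections import deque

MIN_LENGTH = 10            # from the article: minimum of ten characters
HISTORY_DEPTH = 5          # assumed: number of old passwords remembered
MAX_FAILURES = 5           # assumed: failed attempts before lockout
FAILURE_WINDOW = 15 * 60   # assumed: window for counting failures, in seconds

def _digest(password, salt):
    # History keeps salted PBKDF2 digests, never the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def policy_violations(password, history=()):
    """Return the names of the policies a candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if not (re.search(r"\d", password) and re.search(r"[A-Z]", password)
            and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("complexity")
    if any(hmac.compare_digest(_digest(password, salt), old)
           for salt, old in history):
        problems.append("history")
    return problems

def remember(password, history):
    """Append an accepted password to the history, keeping the newest entries."""
    salt = os.urandom(16)
    return (list(history) + [(salt, _digest(password, salt))])[-HISTORY_DEPTH:]

class Lockout:
    """Counts failed logins per user inside a sliding time window."""
    def __init__(self):
        self.failures = {}

    def record_failure(self, user, now=None):
        """Record one failed login; return True if the account should lock."""
        now = time.time() if now is None else now
        attempts = self.failures.setdefault(user, deque())
        attempts.append(now)
        # Drop failures that have aged out of the window.
        while attempts and now - attempts[0] > FAILURE_WINDOW:
            attempts.popleft()
        return len(attempts) >= MAX_FAILURES
```

Because the history holds only salted digests, a reused password is caught without the system ever storing an old password in readable form.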
With an emphasis on strong and ever-changing passwords, companies now can also utilize programs such as LastPass and 1Password to make sure password protocols are followed. LastPass and 1Password automatically generate long, complex passwords for you — and even store them all in one location and securely share them with others. While you may have avoided using such passwords before because you were afraid you’d forget them, LastPass and 1Password make sure you never have to remember a password again. And the data you enter through either program has end-to-end encryption and secret keys to authenticate your identity. The cost for these tools is minimal, especially given your company’s potential exposure in the event of a compromised password.
At Leap | Carpenter | Kemps Insurance Agency, we’ve implemented password best practices, and our employees use LastPass to keep their passwords secure (although their favorite part is not having to memorize a cadre of complicated passwords). But from our own experience, and from what we’ve learned helping our clients, we know that sometimes even the best password protocols aren’t enough. That’s why we use, and recommend having, Cyber Insurance.
Using Cyber Insurance as a Further Safeguard
Even though companies can reduce their cyber-security risks by introducing better protections — including with their passwords — cyber-security threats are an omnipresent concern for all companies in the digital age.
Most recently, large companies like Equifax have suffered enormous data breaches. Equifax’s total exposure for a single breach may ultimately total $600 million.
While the Equifax-type breaches grab headlines, small businesses are equally at risk: 43% of all cyber attacks target small businesses. Even more alarming, 60% of small businesses are forced to close their doors within six months of a cyber attack. The financial costs to all businesses, both large and small, for cyber-security breaches are enormous.
In light of these risks, Cyber Insurance has become a staple for companies to protect themselves from the costs of a cyber-security breach or similar event. Currently, nearly one-third of all U.S. companies purchase some type of cyber insurance. Cyber Insurance protects companies from both first-party incidents (incidents internal to the company) and third-party claims (lawsuits threatened or filed by others).
Specifically, Cyber Insurance normally covers:
Monetary losses due to network downtime
Investigations to determine how a breach occurred and what damages resulted
Data loss recovery and associated costs
Legal expenses resulting from the breach of confidential client information and intellectual property
Required notifications to customers for data breaches
Ongoing credit monitoring for customers whose personal information was obtained
Ultimately, the coverage provided by Cyber Insurance can be tailored to fit every company’s unique needs.
For business owners, costs are consistently at the forefront, and are one of the most compelling reasons that a company will forgo necessary insurance. Fortunately, premiums for Cyber Insurance are minimal. The cost varies by industry type, the type and amount of records stored, and annual revenue. While the annual premium for Cyber Insurance for small businesses typically hovers around $1,000, mid-sized businesses with a greater number of client records will have premiums closer to $7,500. The annual premiums, while a cost to the company, are a fraction of what companies without Cyber Insurance ultimately pay in the event of a cyber breach.
Leap | Carpenter | Kemps is Here to Help Protect Your Company
Leap | Carpenter | Kemps Insurance Agency understands the financial impact that a cyber security breach can have on companies. Our team of experienced and licensed professionals can help you assess your risk exposure and identify a policy that fits your company’s needs. For more information on how to safeguard your company with Cyber Insurance, contact one of our knowledgeable agents today.
Shawn Dwyer specializes in and has a deep understanding of captive insurance, workers' compensation insurance, general business insurance, and safety and risk management.