The largest data breach in history occurred in 2013 when cyberattackers stole data from about 3 billion accounts on Yahoo and its subsidiaries, according to TechTarget. These included Flickr, Yahoo Finance, Tumblr and Yahoo Fantasy Sports. Names, passwords, phone numbers, security questions and password reset emails were all taken.
While data breaches on this scale are relatively rare, they do occur, and data breaches as a whole happen far more often than you might realize. Sensitive personal information can be stolen and sold, which can result in severe consequences for a company's customers or employees — up to and including identity theft.
If you own a business, you'll want to prepare your employees in case a data breach happens. They'll need to know when they're the victim of a data breach, what to do in case their passwords might be compromised and how to create passwords that are difficult to crack.
How do you know if you're the victim of a data breach?
It's simple enough for anyone to know if their information has been potentially compromised after a data breach. Many smartphones, browsers and security software keep track of known data breaches and will inform you if you've been affected.
In Google Chrome, for example, if you go under settings and click the Privacy and Security tab, you will see an option near the top of the page to check if any of your information has been exposed as a result of a data breach. Some services will automatically notify you. You must utilize these tools so you can know right away if any of your organization's information may be compromised.
What should you do if your information is compromised?
First, change any passwords that may have been affected. If you're the victim of a data breach, you should no longer use the same password that may have been compromised. The same goes for your employees if the organization's whole network was breached.
This is why it's important to use different passwords for different accounts. If a data breach affects one account and you reuse its password with other accounts on different websites, all those accounts are potentially compromised. You can help isolate the damage by limiting the number of accounts for which you use the same password.
How Do You Create a Strong Password?
Remember: It's good practice to not just change your password, but also to make it stronger and harder to crack. The best passwords are those that are long, include special characters and numbers, have a mixture of uppercase and lowercase letters and don't include any personal information or words that you can find in the dictionary.
Utilizing acronyms can help you devise strong passwords, per Laptop Mag. If there's a sentence or phrase that is meaningful to you, it will be easy to remember. Maybe you're a Robert Frost fan and like the poem "The Road Not Taken." The last line in the poem is particularly memorable: "And that has made all the difference."
You can use this phrase to create a very strong password by turning it into an acronym and spicing it up. Take the sentence, turn it into an acronym, mix uppercase and lowercase letters, add a few numbers and round it out with a special character. This gets you "30aThmATD*92." A password like this would be extremely difficult to crack, and after typing it a few times to get used to it, it'll be relatively easy to remember.
How Do You Keep Your Passwords Secure?
You might see your workers write their passwords on Post-It Notes and stick them to their monitors. The problem with this is that anyone can see them. Wrongdoers might notice those Post-It Notes and use the information on them for nefarious purposes. You must discourage your employees from doing this. Also, such lax behavior could indicate a general lack of cybersecurity urgency, and that could make a breach or hack more likely.
While you should use different passwords for different accounts, keeping track of them all is nearly impossible on paper or by memory. You shouldn't expect your employees to have that kind of recall. Instead, you might want to consider a password manager. This type of tool stores all your passwords in one place with one master password to access them. Of course, you'll want a very strong master password to keep your other credentials safe.
For a valuable extra layer of added security, take advantage of two-factor authentication, per MITechNews. This means that when you enter a password, you will then need to use a smartphone or email account to receive a randomly generated code, which you then plug into the service to log in.
Data breaches can be extremely compromising and expensive, but you can protect yourself and your employees by utilizing good practices for keeping your passwords strong, safe and secure.
Here at the Inventu Corporation, we equip organizations of all sizes with a revolutionary web terminal emulation tool called Inventu Viewer+, a high performance emulation solution that is built with C at its core. Inventu Viewer+ supports SAML 2.0 and other identity technologies to enable securing your critical mainframe applications. This allows deployment of reliable and safe software using clean HTML and JavaScript hosted on secure Windows servers. All in all, the Inventu Viewer+ web terminal emulation meets employer and staff expectations in a way that feels both familiar and simple. Contact us today and see how Inventu can help you integrate your active terminal emulation with the best web identity frameworks available.