Trade secrets and your employees’ passwords

By Bart Justice

No matter what type of industry you find yourself in, protecting yourself, your assets, your employees and your business is of utmost importance. And not taking every precaution for that protection is where too many businesses fail. It only takes one small incident to cause a lot of major damage. You leave a computer unlocked, you say too much over the phone, you open an attachment on an email…and you could lose everything. Most businesses are overloading their budgets with expensive security options, the best technology and software, even hiring professional fraud companies to analyze their level of security, but sometimes, you really have to make sure the small things are covered first.

So many of us think that we’re doing a great job of protecting our information, but the truth is, when it comes to having secure passwords, about 35% are considered weak by current standards, and the other 65% can be cracked. People use the same passwords for every account, they rotate the same passwords when security checks come up, or they only change the password minimally, like adding a digit to it or capitalizing one letter. But as professional hackers get smarter, a higher level of complexity in a password just isn’t enough anymore. Some of the biggest breaches of the last few years happened because accounts were hacked and passwords were stolen.

Over 70% of users use the same password for multiple sites, and over 30% use the same password every time. Because of this, the concern isn’t a single hacked password. For large companies facing a breach especially, reuse means that the majority of their passwords can be hacked, causing mayhem and costing them hundreds, thousands or even millions of dollars to fix the situation.

Every extra character or digit you add to a password makes it harder for a hacker to crack. Do you know what the most commonly used password is? 123456. If you add even one digit or character to that password, it increases the number of possible combinations exponentially.

Having a strong password policy, including multi-factor authentication and encryption, is an absolute necessity. Requiring longer passwords is probably the simplest way to enhance security – 8 characters is weak, 10 is good, 12 or more is best. It takes hackers, on average, a month to crack a password that has a high level of complexity, as opposed to a day to crack a password with low complexity.

Password patterns – Upper characters, Lower characters, Special characters and Digits (ULSD patterns) – are easier to crack than ever before. People can remember things better when there’s a pattern, but even in using ULSD, their passwords are substandard. Most common pattern? Choose a word, capitalize the first letter, and add a digit or two to the end – if you think about your passwords, this probably sounds pretty familiar.
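
As an added example (not code from the article or its author), the Python sketch below maps a password to its ULSD mask, flags the capitalized-word-plus-digits pattern described above, and estimates how much each extra character adds to the brute-force search space. The symbol alphabet size of 33, the 12-character minimum taken from the article's "best" tier, and the sample passwords are assumptions constructed for illustration.

```python
import math
import re

# Alphabet sizes behind the article's ULSD classes.
# Assumption: S covers the 33 printable ASCII symbols including space.
CLASS_SIZES = {"U": 26, "L": 26, "D": 10, "S": 33}

# The pattern the article calls most common: capitalized word + 1-2 digits.
COMMON_MASK = re.compile(r"^UL+D{1,2}$")


def ulsd_mask(password):
    """Map each character to U, L, D or S (anything else counts as S)."""
    mask = []
    for ch in password:
        if ch.isascii() and ch.isupper():
            mask.append("U")
        elif ch.isascii() and ch.islower():
            mask.append("L")
        elif ch.isascii() and ch.isdigit():
            mask.append("D")
        else:
            mask.append("S")
    return "".join(mask)


def keyspace_bits(password):
    """log2 of the brute-force space: (sum of used class sizes) ** length."""
    if not password:
        return 0.0
    alphabet = sum(CLASS_SIZES[c] for c in set(ulsd_mask(password)))
    return len(password) * math.log2(alphabet)


def audit(password, min_length=12):
    """Return policy findings; an empty list means none were raised."""
    findings = []
    mask = ulsd_mask(password)
    if len(password) < min_length:
        findings.append("shorter than %d characters" % min_length)
    if COMMON_MASK.match(mask):
        findings.append("capitalized word followed by digits")
    if len(set(mask)) == 1:
        findings.append("single character class")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real data set.
    for pw in ["123456", "Summer19", "correct horse battery staple"]:
        print(pw, ulsd_mask(pw), round(keyspace_bits(pw), 1), audit(pw))
```

The bit count is an upper bound on guessing effort: a password flagged for the common pattern is far weaker than its length and character mix suggest, because the pattern itself narrows what has to be tried.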

Training your employees about proper security measures should be at the top of your priority list. No matter what industry you’re in, how many employees you manage or how many devices you have at your disposal, you and your people need to be educated regularly on the most current protection measures. It’s also up to you to limit the amount of access your employees have – their passwords should only allow them to utilize the system information they need to do their job, and no more.

Every device that has access to your system needs to have complex password protection. Too many times, breaches occur because a device is left unprotected or unlocked, giving a thief or hacker everything they need to cause problems. If you have devices, especially computers, that are no longer being used for business purposes, scrubbing them is not enough – you need to securely destroy the hard drives so that no one can gain access to confidential information by swiping an old PC or digging a hard drive out of the dumpster.

While having a strong password policy in place is key, it’s not the only way to protect you, your staff or your company. There are numerous security measures you can take, but one specific option is to enact a secure destruction policy. Whether it’s shredding your paper files, destroying your hard drives, or handling other items housing confidential data, the best way to ensure that everything is destroyed securely is by partnering with a fully certified and compliant disposal company.