Passwords are worth their weight in gold to hackers. Once a cyber criminal figures out an employee’s password, he has an entry into the company network. From that point, using other tools, the hacker can steal just about anything he wants, and wreak havoc in the process.
Make passwords complex and multifaceted
According to the SANS Institute report entitled Hacking: The Basics, passwords are an easy target for cyber crooks, often because they are poorly constructed. And even when they are relatively strong, there are numerous ways they can still be cracked.
IT Department folks often tell employees to avoid making their passwords guessable. Still, a lot of people construct their passwords in such a predictable way that huge security holes result. For instance, a worker might make her password the word “password” followed by her year of birth, or the name of her pet.
By researching the employee’s online presence through Facebook, Twitter, and other sites, the cyber criminal can begin to postulate on possible passwords the employee might have chosen.
If your company doesn’t have a password policy that mandates highly complex and unique passwords, you are at higher risk of a data breach.
Hackers can break passwords with little effort
But even if all your employees’ passwords contain unusual letter/number combinations, several symbols, and both capital and small letters, they are still vulnerable. That’s because hackers can unleash a “brute force attack” which can quickly reveal a password. The SANS report explains that a hacker uses a computer to go through every possible combination of letters, numbers, and symbols until the password has been discovered.
A common way the cyber crook knows when he has gotten the right combination is by matching his passwords’ encrypted versions with the encrypted version of the password from the target network. (This makes it unnecessary for the hacker to actually attempt numerous manual logins with wrong passwords – it is essentially eliminates guesswork and makes the break-in process much more efficient.)
An 8-character password can take a few hours to crack, but the time can be much shorter if the hacker is using multiple computers simultaneously to run the process. And, in fact, cyber criminals do sometimes work together, sharing computing resources and technical know-how.
Some hacker-run sites on the Internet even offer crack passwords for other cyber criminals for a fee.
Internet insurance protects against hacking losses
You cannot keep your company’s network completely safe from cyber crime. Simple precautions like developing strong passwords across the system can help, but if a cyber crook wants to get into your network badly enough, he will likely figure out a way to do so.
In the present state of network security, purchasing Internet or cyber liability insurance is a wise investment. We at INSUREtrust can build a robust, tailor-made cyber risk policy for any small to medium-sized business.
We have been cyber liability insurance experts for over 15 years. Over the past ten years, INSUREtrust has written more than $100 million in premiums and paid more than $30 million in claims. Insurers are looking for business and we can find competitive pricing and terms for any risk.