When another business experiences a serious security breach, your first thought is likely relief: at least it wasn’t you! Unfortunately, in the aftermath of a major security breach, you don’t have the luxury of simply sitting back and being grateful. In fact, you may find that your business is at a higher level of risk in the aftermath. Thanks to the potential for aftershock breaches, you need to act fast to avoid a potential security problem that will put your company at the top of the next “serious breach” list.
What is an Aftershock Breach?
An aftershock breach is a breach that occurs after the first breach and as a result of the first one. Like an earthquake, security breaches often do not occur in isolation. Once unauthorized usernames and passwords are compromised, the hacker who acquired them will make those combinations part of his private database, which he will then try on any future companies he is attempting to breach. Not only that, the possibility for secondary attackers to get their hands on the information is incredibly high: this data is often sold on the “dark web,” where hackers are eager to get their hands on as much potentially sensitive data as possible.
How Do You Protect Against Aftershock Breaches?
You can’t protect every site that’s used by the members of your company, nor is it possible to consistently watch them to make sure that there’s never a breach. You’ll find out about major breaches via the news; smaller breaches, however, may never catch your attention. Luckily, you have options that will allow you to protect your business.
- Choose an odd way of constructing your passwords to force your users to use passwords that they don’t use elsewhere
- Instruct all users on the potential for aftershock breaches and require them to use unique usernames and passwords that are not used anywhere else
- Institute regular password changes, and instruct your users in the right way to do it: for example, they should know to completely change the password, not just change the number that’s been added at the end of their “standard” password
- Check passwords regularly to be sure that they’re in compliance with your requirements and that your employees aren’t trying to sneak around them
- Institute a password change immediately if you hear about a data breach, particularly one in a business your employees likely use
- Do away with passwords altogether
The Death of the Password
Wait–do away with passwords altogether? For years, passwords have been the primary method for protecting accounts across the internet from unauthorized access–but not anymore. Some industry experts are predicting that, as a result of the continuing risk of aftershock breaches, passwords will become obsolete–especially for business networks that deal with private or confidential information. Instead, businesses are turning to two-factor or multi-factor authentication which makes it more critical that a user proves exactly who they are before accessing confidential information. While not entirely without the potential for a breach, two-factor authentication does offer an extra layer of protection that will help keep your business secure. Not only that, it removes the potential for aftershock breaches to jeopardize your business’s security.
Keeping your business safe and secure is a challenge. Luckily, you aren’t trying to do it on your own! Contact us today to learn how we can help you keep your business more secure, from implementing easy two-factor authentication to help protect against aftershock breaches to changing your other security requirements. A secure business runs more smoothly, and we’re here to help make yours exactly that.
Michael Durante spent his teenage years into his early 20s climbing the ladder in a branch of a successful banking firm, starting as a teller and ending as a Sr. Branch Manager within 6 years. In 2003, he left the banking world to join his father and create TIE National, a telecom company 60 years in the making. Together, they grew the company from a two-man operation solely working on telephones to a multi-million dollar international business with employees in over a dozen states, covering everything from phone systems to cloud products and computer systems. You can find Michael on LinkedIn.