« Disaster Recovery

Stronger passwords will benefit business continuity planning

Ensuring that a business has properly encrypted passwords is an aspect that should be included in a comprehensive business continuity plan.
Ensuring that a business has properly encrypted passwords is an aspect that should be included in a comprehensive business continuity plan.

The beauty of a simple password is that a user can easily remember it, even if a significant amount of time has passed since the last login. However, a simple password also means that cybercriminals will have a much easier time figuring it out.

In an increasingly digital age, where many businesses have sensitive data stored on computers and encrypted with passwords, decision-makers need to ensure that comprehensive risk assessment accounts for online security. Regardless of a company's size and stature, it can still have information stolen if a system is not properly protected. 

For example, healthcare organizations need to ensure that their systems have encryptions that cannot be easily broken. With electronic medical records (EMRs) becoming more common in medical facilities, this is especially critical.

According to data from Verizon, in 2011 and 2012, 72 percent of cyber attacks on healthcare organizations occurred when criminals simply guessed – or used an automated system to guess – passwords and other credentials to gain access to computer systems.

"Unfortunately, when people reuse passwords to access multiple points, a compromise of one could result in the other," Ryan Permeh, chief technology officer for the security firm Cylance, told the news source, adding that different passwords should be used for each account requiring login credentials.

The Data Breach Investigations Report also showed that smaller practices were at higher risk, as they often have fewer firewalls and zero-cost security measures. Breaches in the healthcare sector accounted for 7 percent of the total incidents in Verizon's findings. In 2011, those numbers were just 1 percent of reported breaches. 

For organizations of all sizes, across multiple industries, a thorough business continuity plan needs to account for a multitude of threats. That way, should a data breach occur, business resumption can happen as quickly as possible.