It may seem with data security breaches that it’s less a matter of if than when. Account security is vital, yet hackers continue to get smarter and faster at stealing valuable customer account data. While it’s true that there isn’t a 100% guarantee you won’t have unauthorized account access, often referred to as account takeover or ATO, it doesn’t mean your business can’t take steps to prevent the most common and prevalent forms of computer hacks.
Discover how to prevent account takeover with these five simple tips.
Create a strong defense
In the online world, the best defense you have against unauthorized access is strong password protection. Passwords that are recycled or reused by employees provide an easy entry point for hackers, just like passwords that don’t change. A strong password is thought to be distinguished by characteristics that include randomness, length, uniqueness, and a difficulty to guess. To develop these, employees often create a number of systems such as altering known phrases or using a password generator, but these techniques can also cause a problem.
Employees have difficulty remembering continually changing secure passwords.
New guidance from the National Institute of Standards and Technology (NIST) acknowledges that we are only human. Instead of focusing solely on security, they suggest a compromise. NIST senior standards and technology advisor Paul Grassi suggests, “If you can picture it in your head and no one else could,” said Grassi, “that’s a good password.” Keeping usability and security both in hand, the continued guidance includes:
- 8-64 characters
- the ability to use or not use special characters without restriction
- no sequential letters or numbers
- restrictions on context-specific words, (ie acmepassword)
- restriction of commonly overused passwords
NIST guidelines also suggest that one of the most important things to remember is to never use passwords that were in place prior to a breach, as these may have continued vulnerability. In addition to setting out rules, you’ll want to ensure a full understanding of your team.
Educate your team
While having a great password policy in place will help, educating your team on why and how this works can help even more. Entrepreneurial experts suggest that employees perform a task at higher levels when objectives and expectations are fully understood. When implementing your new security policies for strong password protection:
- State the objective in specific, quantifiable terms through detailed instructions.
- Check for understanding of the given instructions, realizing that people have different learning styles and may benefit from verbal feedback or written, or may need a demonstration for full clarity.
- Follow up. Don’t just assume these policies have been done, but check for completion of your process.
When your employees understand their vital role in company account security and are clear on how to accomplish this, your chances of a breach will drop.
Protect and Detect with the right technology
By the time an account breach shows up on a public forum, the damage is already done. Scanners, crawlers, and scrapers don’t typically detect a breach until the information has already been sold on a public forum. For early detection, you need advanced and sophisticated technology. Choose a company specialized in early detection to proactively protect any accounts that are currently exposed to account takeover in addition to preventing future attacks with your high-level security practices.
Relying on scanners and crawlers alone just isn’t enough anymore.
Full Stop
Despite your best efforts, a breach can still happen – and when it does, you need to come to a full stop. Employ technology that can automatically and instantly force a password lockout and reset. The employee will be fully locked out of all accounts until the reset is completed and administrators must be notified of the breach. Coach the account-holder to survey all of their accounts to make sure no additional data either personal or professional has been compromised. Remind the employee that any previously used passwords could now be at risk.
Protect yourself and your business from account takeover by following these steps and getting help where you need it. Create well-known security practices onsite and choose a high-tech ATO prevention solution.
Thanks for reading this article. If you're new here, why don't you subscribe for regular updates via RSS feed or via email. You can also subscribe by following @techsling on Twitter or becoming our fan on Facebook. Thanks for visiting!
