The numbers are so big, it’s hard to get your head around. A data dump of 10 billion passwords was leaked, the largest password leak ever.
These compromised passwords are now out there, ready and waiting for cybercriminals to dig in and use them anytime they wish. This is impactful because many people still use the same password across multiple platforms, meaning once they have a way in, they can try that across the web. The ripple effect is larger than most imagine.
Why Stolen Passwords Is a Big Deal
Passwords were stolen – what’s the big deal? You have security in place. You use tools and resources to protect your systems.
That’s how most companies think, until they are hacked. The dark web is resourceful, constantly looking for ways in. And healthcare data is a big deal – it’s the most compromised, most lucrative data in the world.
Stolen passwords give cybercriminals access to financial records, systems data, and personal health information. Once in, they can sneak around into all of your systems and data, stealing at will. They take passwords and pilfer data. They plant malware for easy access the next time they feel like visiting.
This offers long-term value. They can use it. They can sell it. And as noted above, with people using the same passwords across platforms, this has never-ending potential.
Stolen Passwords Lead To …
With stolen passwords in their hands, cybercriminals can do many things.
Launch phishing attacks. Access files and systems from anywhere in the world. Use manipulation to appear as upper-level management asking lower-level employees to reveal even more.
This is where it becomes damaging. And it’s where your facility can experience tremendous loss:
Financial loss
With the right password, cybercriminals can make unauthorized purchases or transfer funds out of your facility and into their own bank accounts.
Reputation damage
If you suffer a significant breach or financial loss, it becomes more than an internal problem. Suddenly, you have to notify everyone associated with your facility, and that kind of news is hard to take. Customers might look for safer alternatives, and fewer businesses may choose to partner with you. The devastating results can be a fast downward spiral.
Legal trouble
Working in a heavily regulated industry means you’re constantly under legal and regulatory authority. Breached passwords can lead to serious legal trouble. You’ll have to notify legal authorities that data was breached or stolen. HIPAA penalties may be applied if you sell medical marijuana.
Mitigate These Risks
You’re reading this. This is the first step. By identifying your cannabis business is at risk, you can take steps to thwart potential future cybercriminal activity.
Implement password requirements
Establish a policy that requires strong passwords. This includes using a mix of uppercase and lowercase letters, numbers, and special characters. Require employees to change passwords regularly.
Implement multi-factor authentication
Requiring users to provide two or more verification factors adds an additional layer of protection. It’s a combination of something a user knows, like a password, something the user has, like a security token, and something from the user, like a fingerprint.
Offer continual training
Education is key when teaching employees about security. Training should include how to create strong passwords and the importance of using them as they login to different systems. They should be made aware of the ways cybercriminals look for ways in, including phishing attacks and how to avoid them.
Implement access controls
Not every employee needs access to all the data. Limit who has access to what, and monitor activity regularly.
Stay up-to-date
Don’t forget to update software, devices, and operating systems with patches and updates.
Implement data backup procedures
All data should be backed up regularly at an off-site location. Be sure you understand recovery methods and have a plan in place in case of a disaster.
Use a dark web monitoring service
This can detect potential data breaches, alerting you to trouble early on. You stay ahead of threats, and implement corrective measures before they get too deep.
Concerned About Your Password Security Measures?
We all face moments when we fear the worst. If you’re reading this, you might be worried about how well your security works when facing cybercriminal activity.
Use this as your wakeup call. Figure out where you currently stand. Strengthen every aspect of your security, including password protection.
If we can help, give us a call.
For IT Strategy, Security and Compliance, or Help Desk Services, reach out to us at Cannabis Technology Partners 360-450-4759.