The threat of cybersecurity breaches is constantly growing, and weak password security is a main entry point. According to Risk Based Security, data breach activity rose 33.3% in 2019 compared to 2018, with companies reporting 5,183 data breaches that exposed personal information like login credentials and home addresses, and nearly 8 billion records exposed. In addition, over 555 million stolen passwords have been published online since 2017, providing easy access for hackers. A data breach can be devastating for an insurance agency. See what one could cost your agency with our data breach calculator.
One of the best things your agency can do to protect your clients’ sensitive data and guard against such attacks is practice good password security. This article will give guidance on how to create strong passwords, as well as implement password security best practices at your agency.
This article at a glance:
- Create a strong password
- Use a password manager
- Follow password security best practices
  - Use a different password for each system
  - Store passwords securely
  - Don't share accounts
  - Change passwords regularly
  - Use multi-factor authentication
  - Log out & lock your device
Create a strong password
A strong password is one that can’t be easily guessed or hacked due to its length and complexity. Despite understanding the importance of strong passwords, many people continue to use weak ones. A survey by Avast found that 83% of Americans do not use strong passwords.
So what makes a password strong? It should have a good mix of uppercase and lowercase letters, numbers, and special characters. HawkSoft recommends following these standards for all passwords, whether or not a system requires it.
Make sure your password doesn’t contain personal information that is freely available (such as your name or birthday), and stay away from predictable patterns, like putting the uppercase letter at the beginning, or ending with the number 1 and an exclamation point. Stronger passwords tend to be harder to remember, but you can use a strategy like the first letters of your favorite quote, with numbers or symbols substituted where they make sense. For example, 2boN2btit? could stand for Shakespeare’s “to be or not to be, that is the question.”
Even so, strong passwords can be difficult to remember, which is where a password manager can help.
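The rules from this section can be turned into an automated check, for example when reviewing passwords before they are accepted for an agency system. The Python function below is an added example, not code from HawkSoft or from any product named in this article; the function name, the `personal_terms` input, and the `min_length` default are assumptions of the example (the article asks for length but gives no number).

```python
import string

# Ending the article calls out: "the number 1 and an exclamation point".
PREDICTABLE_SUFFIX = "1!"


def audit_password(password, personal_terms=(), min_length=10):
    """Return a list of findings; an empty list means no rule was tripped.

    min_length is an assumption of this example, not a figure from the article.
    personal_terms holds freely available facts about the user (name, birth
    year, ...) supplied by the caller.
    """
    findings = []

    if len(password) < min_length:
        findings.append("too short")

    # Character-class mix: uppercase, lowercase, numbers, special characters.
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            findings.append(f"missing {name}")

    # Personal information, matched case-insensitively; very short terms
    # are skipped to avoid flagging every password that contains "al".
    lowered = password.lower()
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            findings.append(f"contains personal info: {term}")

    # Predictable pattern 1: the only uppercase letter is the first character.
    uppers = [i for i, c in enumerate(password) if c.isupper()]
    if uppers == [0]:
        findings.append("only uppercase letter is at the start")

    # Predictable pattern 2: the password ends with "1!".
    if password.endswith(PREDICTABLE_SUFFIX):
        findings.append("ends with 1!")

    return findings
```

An empty result only means none of these rules fired; it does not tell you whether the password has already been exposed in a data breach.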
Use a password manager
The best way to ensure your passwords are strong and secure is by using a password manager. A password manager is an app or browser plugin that generates strong passwords and securely stores them for all your accounts. You only need to remember one master password, and it will autofill your login information for all your accounts.
There are many password manager tools available, both for free (e.g. LastPass) and through paid subscription services (e.g. Dashlane). The best password manager for your agency will vary depending on your needs, but Wired, CNET, and PCMag provide good password manager reviews, recommendations, and comparisons.
Follow password security best practices
Having a strong password is only one element of password security. It’s vital to have processes in place at your agency to make sure your passwords remain secure, and it requires the participation of every staff member. Train your staff—and yourself—to use these best practices for password security.
1. Use different passwords for each system
According to a poll by Security Boulevard, 59% of people use the same password everywhere. That means if a cyberattack can get one of your passwords, all of your accounts are at risk. Make sure that you use a different password for every system, especially between business and personal accounts.
2. Store passwords securely
One of the biggest difficulties with passwords is storing them securely. Writing down passwords is not recommended unless they are kept in a locked location, and storing them in a document on your computer can be equally risky if your computer ever becomes compromised. Never share passwords through email or over the internet in any fashion, including in cloud storage. A password manager is the best way to store your passwords digitally.
3. Don’t share accounts
At an agency, each employee should have their own profile and login for their workstation and all necessary systems. Whenever possible, don’t share account logins among multiple people. If sharing login information is unavoidable, use a password manager that has the ability to share your login info with others without displaying your credentials to them (Roboform is one system that has this capability).
Store individual & universal passwords securely in HawkSoft
Did you know your agency can securely store credentials for carrier sites and other essential websites in HawkSoft, either by user or universally for all users? See our help article on Policy Company Setup for more detail.
4. Change passwords regularly
The best way to ensure passwords remain secure is to update them regularly. We recommend updating passwords every 60 days. You should also update passwords when staff turns over, so that those who are not current employees can’t access any of the agency’s accounts. Lastly, you can regularly check sites like Google Password Checkup or Mozilla Firefox Monitor, which will tell you if your email or password has been exposed in an online data breach. If so, change your password immediately. Again, a password manager will help you easily update passwords when necessary without having to commit them to memory.
5. Use multi-factor authentication
Multi-factor authentication is when a system takes an additional step to verify your identity, usually by sending a verification code to the account’s email or phone. This provides an additional layer of security when logging in, and we recommend enabling it for any systems that provide the option.
6. Log out & lock your device
Even the strongest password won’t do you any good if you haven’t logged out and someone else can access your computer. Remember to log out whenever you are finished working in a system, especially if you are using a shared or public computer. The “remember me” option can be tempting, but it’s better to log in each time and use a password manager to autofill your login information. Get in the habit of locking your computer (Windows key+L or Ctrl+Cmd+Q for Mac) every time you step away from it, so that no one can access your accounts through your computer.
One piece of the cybersecurity puzzle
Improving your agency’s password security could mean the difference between a cyber attack's success or failure, but remember it’s just one integral part of overall cybersecurity for your agency. Read our cybersecurity article and download our Cybersecurity Checklist below for more tips and resources on keeping your data protected against cyber attacks.