Eighty percent of breaches in confidential customer data can be traced back to compromised passwords, according to a 2012 report from Verizon. As identity theft grows more prevalent, businesses like your independent community pharmacy should take full measures to secure sensitive customer data—starting with your passwords.
If you accept credit cards, it’s even more important that you have strong passwords. All businesses that store, process or submit cardholder data are required to comply with the Payment Card Industry Data Security Standard (PCI DSS), and one essential part of the PCI DSS is password security.
Improving the strength of your pharmacy passwords is one simple step you can take today to safeguard your patients and your business.
Common ways hackers break passwords:
Data thieves use a variety of mechanisms to break security systems. Here are a few of the most common methods.
Phishing
You’ve likely experienced this scamming technique. (More harmless forms are often referred to as spam.) The hacker sends an email or some sort of urgent message to provoke the target audience into responding and releasing personal information.
Dictionary-based
This method involves software that quickly tries each entry in a custom dictionary or word list until one matches the password.
Guessing
Similar to dictionary-based attacks, this technique uses a computer program that compiles personal information about the target found online, such as the names of pets or license plate numbers, and runs it against a username.
Shoulder surfing or social engineering
Hackers who use this mechanism have personal contact with the victim and solicit the information directly from him or her. Most of the time, the target unknowingly divulges the information to someone he or she believes is trustworthy.
Brute force
A brute force attack is time-intensive. The hacker creates software that checks a password against every conceivable combination of characters. This may sound impossibly tedious, but brute force attacks can crack simple passwords in less than a second.
How to create strong passwords:
Strengthening your pharmacy’s passwords is often all it takes to avoid common password crackers. Follow these dos and don’ts of password security to better protect your patients and your business.
Dos for choosing passwords:
Do keep passwords for your pharmacy systems completely separate from individual accounts. This reduces the likelihood of a breach if someone unlocks your personal information.
Do set up a password that is sufficiently complex. The best passwords are at least eight characters in length and contain uppercase and lowercase letters, a numeral and a special character. By changing your password from an all-lowercase word to a secure combination, you make it exponentially more tedious to crack.
Do educate your entire staff on how to store passwords. If you must write sensitive information down, don’t store it in an area that is easily accessible. And because some data thieves attempt to breach your systems by posing as IT specialists or other technicians, set clear guidelines on who should have access to sensitive information.
Do make sure all of your staff creates secure passwords. One weak link is all it takes for hackers to gain access to your entire network.
Don’ts for choosing passwords:
Don’t include any personal information in a password. This covers everything from names of loved ones to birthdays and phone numbers. Refrain from using words or names related to your pharmacy, as well. These passwords may simplify your life, but they also simplify the task for a hacker.
Don’t leave passwords as the default or set them as the word “password,” which is still the most common password in existence. For data thieves, this looks like a “Welcome!” sign on the front door.
Don’t get complacent. It’s better to be proactive than reactive. If you feel like passwords may be at risk, update them regularly.
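The dos and don’ts above can be turned into an automated check when staff choose new passwords. The following is an added example, not part of the original article; the function name, the short list of default passwords and the sample personal terms are assumptions made for illustration.

```python
import string

# Constructed sample list; a real deployment would use a much larger list
# of default and commonly used passwords.
COMMON_PASSWORDS = {"password", "admin", "123456", "letmein", "welcome"}


def check_password(candidate, personal_terms=()):
    """Return a list of rule violations; an empty list means the password
    meets the article's guidelines."""
    problems = []
    lowered = candidate.lower()

    # Do: at least eight characters.
    if len(candidate) < 8:
        problems.append("shorter than eight characters")

    # Do: uppercase, lowercase, a numeral and a special character.
    if not any(c.isupper() for c in candidate):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numeral")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")

    # Don't: leave a default or use the word "password".
    if lowered in COMMON_PASSWORDS or "password" in lowered:
        problems.append("default or common password")

    # Don't: include personal information or pharmacy-related names.
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal or pharmacy term: {term}")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    terms = ["Main Street Pharmacy", "mainstreet", "Rex", "1984"]
    for pw in ["password", "Rex1984!", "MainStreet#22", "t7#Vq!9zLw"]:
        print(pw, "->", check_password(pw, terms) or "OK")
```

A check like this cannot tell whether a password is also used on a personal account, so keeping pharmacy and personal passwords separate still has to be handled through staff guidelines.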
Note: This list is not comprehensive and following it will not guarantee complete protection. For in-depth resources, visit the website for the PCI Security Standards Council.