Data breach occurrences have skyrocketed over the years. The Bitwarden 2023 Password Decisions survey found that 60% of IT decision maker respondents reported their organization had experienced a data breach in the past year.
According to the Verizon 2023 Data Breach Investigations Report, 74% of all breaches include what Verizon refers to as the ‘human element’, with people being involved either via Error, Privilege Misuse, Use of stolen credentials, or Social Engineering. Given these findings, what are some data breach prevention best practices organizations can adhere to in order to better protect their sensitive data?
Password managers can play a critical role in mitigating human error and the use of stolen credentials. These tools give users the ability to quickly and efficiently create, store, and manage strong and unique passwords. Password managers empower users who might otherwise rely on their memory to ‘manage’ passwords or engage in heavy password reuse, a practice that puts large swaths of data at risk, especially if the same password is used for multiple applications.
Strong and unique passwords are also, by nature, harder to steal. And, fortunately, creating strong passwords isn’t hard. Bitwarden, for example, offers both a password strength tester and a strong password generator. Interesting fact: An 8-character password will take a hacker 39 minutes to crack while a 16-character password will take a hacker a billion years to crack.
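To make the "strong and unique" point concrete, here is an added example (not Bitwarden's generator or strength tester, and not code from the article) that generates a password from the operating system's CSPRNG and estimates its strength as entropy bits. The character classes, the 80-bit strength threshold and the 1e10 guesses-per-second rate used for the crack-time estimate are constructed assumptions for illustration; the entropy estimate is only valid for randomly generated passwords, which is exactly why a generator beats memory.

```python
import math
import secrets
import string

# Character classes the generator draws from (assumed policy, not Bitwarden's).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}


def generate_password(length=16, classes=("lower", "upper", "digit", "symbol")):
    """Generate a random password with the OS CSPRNG (the secrets module),
    guaranteeing at least one character from each requested class."""
    if length < len(classes):
        raise ValueError("length must be at least the number of required classes")
    alphabet = "".join(CLASSES[c] for c in classes)
    # One guaranteed character per class, then fill the rest from the full alphabet.
    chars = [secrets.choice(CLASSES[c]) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    # CSPRNG-backed Fisher-Yates shuffle so the guaranteed characters do not
    # sit in predictable positions.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def entropy_bits(password):
    """Estimate entropy as length * log2(alphabet size), inferring the alphabet
    from which classes appear. This is an upper bound: it assumes every
    character was chosen uniformly at random, which holds for generator
    output but not for human-chosen passwords."""
    alphabet_size = sum(
        len(chars) for chars in CLASSES.values()
        if any(ch in chars for ch in password)
    )
    if alphabet_size == 0:
        return 0.0
    return len(password) * math.log2(alphabet_size)


def crack_time_seconds(password, guesses_per_second=1e10):
    """Expected time to search half the keyspace at an assumed offline guess
    rate. The 1e10/s default is a constructed assumption, not an article figure."""
    return 2 ** (entropy_bits(password) - 1) / guesses_per_second


def is_strong(password, min_bits=80):
    """Assumed acceptance threshold: 80 bits of estimated entropy."""
    return entropy_bits(password) >= min_bits


if __name__ == "__main__":
    for n in (8, 16):
        pw = generate_password(n)
        print(f"{n} chars: {pw!r}  ~{entropy_bits(pw):.0f} bits  "
              f"~{crack_time_seconds(pw):.3g} s at 1e10 guesses/s")
```

Running it shows why length matters more than cleverness: every additional character from an 85-symbol alphabet adds about 6.4 bits, so doubling the length from 8 to 16 squares the search space rather than doubling it.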
As for social engineering and privilege misuse: while the primary purpose of a password manager isn’t to stop social engineering attacks such as phishing attempts, they do retain known and confirmed URLs and confirm via an icon flag when a user lands on a known site. This helps users identify when fake websites potentially harboring malware are being shared with them. Specific user access can also be arranged through password managers. Bitwarden enables organizations to grant their employees a variety of roles and levels of permission, ensuring (if necessary) that employees are limited in what they can see.
Requiring use of two-factor authentication (2FA) is an important step in observing data breach prevention best practices. Two-factor authentication is a security technique used to protect your sensitive data. Sites that use two-factor login require the user to verify their identity by entering a token, verification code, or one-time password (OTP), typically retrieved from a different device, in addition to the username and password. Without physical access to the code from the secondary device, a malicious actor would not be able to access the site, even if they acquired your username and password.
Most people have experience with 2FA, which for the average consumer is typically accomplished via an SMS / text message, such as a user’s bank texting a code to said user after they log in with their username and password. Many organizations prompt 2FA through use of an authenticator app (such as Authy) or a physical security key (such as YubiKey). Most password managers offer integration with 2FA and the majority of websites that store sensitive information (such as credit card or banking information) allow users to enable 2FA through settings, security, or privacy menus.
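The icon flag described above only works because the manager matches the page the user is actually on against the URLs it has saved, rather than trusting what the page looks like. The following added example (not Bitwarden's matcher; the vault entries and the tiny stand-in for the Public Suffix List are constructed) shows the core of that check: reduce both the current URL and each saved URL to their registrable domain (eTLD+1) and only report a match on equality. A lookalike host, a subdomain trick such as `bank.example.com.evil.net`, or a userinfo trick such as `https://bank.example.com@evil.net/` all fall through with no match, so there is no flag and nothing to autofill.

```python
from urllib.parse import urlsplit

# Tiny stand-in for the Public Suffix List (constructed for this example;
# a real matcher loads the full list, which has thousands of entries).
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

# Constructed vault contents for the example.
VAULT = [
    {"name": "Example Bank", "url": "https://bank.example.com/login"},
    {"name": "Example Forum", "url": "https://forum.example.org"},
]


def registrable_domain(url):
    """Return the eTLD+1 of a URL ("example.com", "example.co.uk"),
    or None if the URL has no host or the host is itself a public suffix."""
    host = urlsplit(url).hostname  # strips scheme, userinfo, port and path
    if not host:
        return None
    labels = host.rstrip(".").lower().split(".")
    # Find the longest public suffix the host ends with, then keep one more label.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None
            return ".".join(labels[i - 1:])
    # Unknown suffix: treat the whole host as the registrable domain.
    return ".".join(labels)


def matching_entries(current_url, vault=VAULT):
    """Return the vault entries whose saved URL shares a registrable domain
    with the page the user is on. A phishing page on a different domain
    gets an empty list: no icon flag, no autofill."""
    current = registrable_domain(current_url)
    if current is None:
        return []
    return [e for e in vault if registrable_domain(e["url"]) == current]


if __name__ == "__main__":
    for page in ("https://bank.example.com/session",
                 "https://bank.example.com.evil.net/login",
                 "https://examp1e.com/login",
                 "https://bank.example.com@evil.net/"):
        names = [e["name"] for e in matching_entries(page)]
        print(f"{page:45} -> {names or 'no known site'}")
```

Matching on the registrable domain rather than the full host is a deliberate trade-off: `www.example.org` and `forum.example.org` share an entry, while anything outside `example.org` does not. Real managers expose this as a per-entry setting (base domain, host, exact, and so on); the example hard-codes the base-domain rule.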
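The authenticator-app flow in the two paragraphs above is time-based one-time passwords (TOTP, RFC 6238, built on HOTP, RFC 4226). The added example below is not Bitwarden's or any authenticator's code; it shows both sides of the exchange with the Python standard library: the device derives a 6-digit code from a shared secret and the current 30-second time step, and the server verifies it with a one-step tolerance for clock drift and refuses to accept a step it has already accepted, so a code that was phished or intercepted cannot be replayed after use. The shared secret is the RFC's published test secret, used here as the enrollment key the app would normally scan from a QR code.

```python
import base64
import hashlib
import hmac
import struct


def secret_from_setup_key(key):
    """Decode the base32 setup key an authenticator app is enrolled with
    (whitespace and case are tolerated, padding is restored)."""
    key = key.replace(" ", "").upper()
    key += "=" * (-len(key) % 8)
    return base64.b32decode(key)


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then reduce modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, timestamp, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step).
    This is what the authenticator app on the second device computes."""
    return hotp(secret, int(timestamp) // step, digits)


class TotpVerifier:
    """Server side. Accepts the current step plus `window` steps either side
    to absorb clock drift, and never accepts a step at or below the last
    one it accepted, so a used code cannot be replayed."""

    def __init__(self, secret, step=30, digits=6, window=1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window
        self.last_accepted = -1

    def verify(self, code, timestamp):
        counter = int(timestamp) // self.step
        for c in range(counter - self.window, counter + self.window + 1):
            if c <= self.last_accepted:
                continue  # already consumed (or older): replay protection
            expected = hotp(self.secret, c, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time compare
                self.last_accepted = c
                return True
        return False


# Constructed enrollment: the base32 form of the RFC 6238 test secret.
SETUP_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    secret = secret_from_setup_key(SETUP_KEY)
    server = TotpVerifier(secret)
    now = 59  # RFC 6238 test vector time
    code = totp(secret, now)
    print("device shows", code, "server accepts:", server.verify(code, now))
    print("same code again (replay):", server.verify(code, now))
```

Note what the verifier does not do: it never transmits the secret, and it compares with `hmac.compare_digest` so a code guess cannot be refined byte by byte from timing. The replay rule is why a code that a victim types into a fake site is only useful to the attacker if it is relayed before the victim uses it, which is the residual weakness of OTP-style 2FA that hardware security keys are designed to close.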
There is tremendous value in encrypting sensitive data. In fact, it’s a non-negotiable. There are few tools that are as effective as encryption in protecting critical data from data breaches; it is one of the core data breach prevention best practices. For a comprehensive overview of the Bitwarden encryption perspective, please check out this blog. Encryption done right makes data unintelligible to prying eyes and ensures only those with the encryption key can access it.
An excellent place to start for organizations interested in implementing encryption is the Federal Trade Commission’s page on protecting personal information. On that note, readers might also be interested to learn that the FTC received an ‘Excellent’ ranking in the Bitwarden State of Password Security report, which ranks federal agencies based on their security advice.
There is no single panacea for preventing data breaches. But these security strategies will go a long way in helping protect sensitive data, ensuring customer privacy, and safeguarding the bottom line.