Passwords, breaches, and data dumps: business tips from Troy Hunt

by Sarah Brown

We’ve kicked off an exciting new webinar series, Essentials of Business Security, designed to help your business stay safe online.

In the first installment, Matt talks with Troy Hunt, a longtime friend of 1Password and the founder of Have I Been Pwned. Troy created this site to help people find out if their passwords have been leaked on the Internet, making him an expert on password-related security issues.


Matt and Troy covered four key points in the webinar that will help you protect your business and employees.

Password habits and standards have changed

Views on passwords are always changing and evolving. Requiring employees to change their passwords every 30, 60, or 90 days has been a business standard for years, but the National Counterintelligence and Security Center (NCSC) changed their stance and now advises against password rotation as a policy.

Your employees should create a strong and unique password for every account, and only change these passwords if they suspect an account has been compromised.

Educate your team

Your employees are only human, and humans will naturally try to find the shortest path to the end result. But if you help your employees create smart, easy-to-follow password and security habits from day one, they’re more likely to stick.

You want to instill a questioning nature in your employees without going overboard. Your employees should be cautious of links or files from unknown senders, and aware of how and where data is stored and protected, as well as what information they can share publicly.

If your employees are empowered to make smart choices, your company’s data is more likely to be safe.

Put the right tools in place

Having the right tools in place from the beginning helps your employees create good security habits. It’s easier to help your employees start off on the right foot than it is to try to make a company-wide change further down the road after your employees have had the chance to develop their own bad habits.

At a minimum, your employees should be set up with a password manager and two-factor authentication on all accounts that offer it. A good password manager is designed to blend into your routine so seamlessly that it’s actually harder for your employees not to use it.

At 1Password, every business account comes with a free family account to help your team practice good security habits both at work and at home.

How to handle a data breach

The gold standard of breach response belongs to the Australian Red Cross Blood Service. In 2016 a text file containing sensitive donor information, including blood type and eligibility answers, was found on a public-facing site. This kind of breach could be devastating.

Within 72 hours of being notified, the Red Cross determined what happened, had their CEO give a straightforward and thorough statement, and set up a call center for inquiries. All of this, even though they determined that only two people (one being Troy) had accessed the file.

When a breach happens to your business, it’s essential that you step up and take ownership. Downplaying or brushing off the incident doesn’t give your customers confidence in your ability to protect their data going forward.

What’s up next

If you enjoyed this webinar, sign up to find out about our upcoming webinars. They’re the best way to learn what’s possible with 1Password.

Sarah Brown - Content Pirate