News Room


The password is…

Be creative, diligent to best thwart cyberattacks


Travis Thompson, Director of Risk Management // Hylant Administrative Services
Bob Bong // Community Media Group


One of the greatest dangers facing your business entity today is the threat of a data breach or cyberattack.


Data breaches are embarrassing, and in addition to hurting your reputation can have serious, lasting repercussions. Exposed information can potentially lead to identity theft, stolen Social Security numbers, compromised medical and financial information, along with theft of email addresses and passwords.


Cyberattacks can also open your entity itself to the same dangers.


Password security is the best way for anyone to keep that from happening. Among the biggest problems pertaining to security is not changing your password.


Individuals and businesses alike frequently use the same password for everything, and they don’t get creative. The most common passwords today are "password" or the numbers 1,2,3,4. Other common passwords are people's names, and their birthdays or addresses. Bad guys know this, and it makes it easy for them to infiltrate your system and access sensitive information.


Travis Thompson, director of risk management for Ohio Plan Risk Management Inc., recommends clients use password rotation. Don’t just change the numbers or use something that is simplistic and potentially easy for the bad guys to figure out. Stay away from family members names, kids’ names and birthdays. Don’t use the street you live on. Use a special character, and a combination of numbers, and lowercase and capital letters. And don’t use information about yourself that will show up in a Google search.



While changing passwords is necessary, routinely altering them and using different passwords for all your accounts can create a password jungle and remembering a bunch of passwords can be difficult. Write your passwords down — just don’t keep them written down in a file on your computer. Keep them in the notes section of a smart phone or write them down in a notebook. It’s hard to know if a document file has been copied or compromised until it’s too late, but if you keep the passwords in a hard copy and it comes up missing, you know you’ve been hacked."



So, despite your best efforts you fall victim to a cyberattack. What do you do next? First, you need to alert your bank and credit card companies about the hack. You also need to alert all your external business partners that you were attacked, so they can take appropriate steps. Once you that, the companies know what to do. The system takes over because Ohio state regulations govern what companies must do in the event of data breaches.