Why You Should Consider a GDPR Password Policy
As of May 25, 2018, one of the strictest data protection regulatory acts will become enforced.
The legislation, known as the General Data Protection Regulation (GDPR), is a European Union law that ensures data privacy for all individuals within the EU. The legislation is a reaction to the number of data breaches and hacks that have occurred over the years and have resulted in compromised email addresses, passwords, social security numbers, health records, and more for innocent victims.
At its core, the set of rules designed by GDPR gives EU citizens more control over their personal data, including the right to know when their data has been hacked. But GDPR isn’t just touching European companies and citizens. Let’s dive into GDPR further, and what it entails.
What is the GDPR?
GDPR forces companies to make sure the way they collect, process and store data is safe.
Any company that holds or uses data on people inside the European Union is subject to the new rules, regardless of where it is based. So let’s say your company’s headquarters is in San Francisco but it holds data on people in the United Kingdom. In this case, your company must also comply with GDPR.
Under the terms of GDPR, organizations must guarantee that personal data is both gathered legally and that those who collect and manage data protect it from misuse and exploitation.
Organizations that do not comply with the GDPR will face penalties.
How GDPR relates to password security
A stronger password policy is a component of compliance.
There are several examples to demonstrate this.
Firstly, credentials are the Holy Grail for hackers. Login and password information can both compromise networks and sell for a pretty penny on the black market, which means they are highly targeted.
- In a study of 905 phishing attacks, the vast majority—91 percent—were after user credentials.
- And, on the flip side of the hack, 63% of data breaches result from weak or stolen passwords, according to a study conducted by Verizon.
Protecting credentials can decrease the risk of hacks and ensure compliance with GDPR.
Additionally, internal threats that weaken password security are also a threat to GDPR compliance.
Let’s say a staff member forgets or needs to reset their password. To fully comply with GDPR, new procedures must be implemented to prevent help desk employees, who assist with resets, from directly accessing passwords.
In other words, companies must be able to demonstrate that their password reset processes and procedures are secure.
Leveraging EZPD for password protection
One way to ensure secure password processes is by implementing software that generates and regenerates long, strong and complex passwords on demand, and that keeps them invisible to everyone but the individual user.
EZPD protects credentials through a proprietary, node-locking system that requires authorized devices to have a license file before the software will generate or regenerate passwords. Without access to a license file on an authorized device, a password cannot be created or made visible.
Taking it a step further, EZPD does not store passwords, which makes it a more secure option than password managers or other common methods of password storage because it mitigates the risk of an outside breach.
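The two ideas above, regenerating a password on demand from a secret held only on an authorized device and never storing the password itself, can be illustrated with a small deterministic derivation. The code below is an added example written for this article; it is not EZPD's code and makes no claim about how EZPD works. It assumes a constructed 32-byte "license file" secret (`SAMPLE_LICENSE_SECRET`), a per-account label, and a version counter that a help desk can bump to "reset" a password without ever seeing the old or new value. Derivation uses HKDF-style extract-and-expand over HMAC-SHA256 from the standard library.

```python
import hashlib
import hmac
import string

# Constructed sample secret standing in for a per-device license file (example only).
# In practice each authorized device would hold its own secret, never sent over the wire.
SAMPLE_LICENSE_SECRET = bytes.fromhex(
    "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0"
)

# Fixed, labelled salt for HKDF-Extract (assumed label, not from any product).
_EXTRACT_SALT = b"example-password-derivation-v1"

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{}:;,.?"
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS  # 85 characters


def _hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def _to_password(raw: bytes, length: int):
    """Map key-stream bytes onto ALPHABET with rejection sampling so no
    character is favoured by the modulo step. Returns None if the stream runs out."""
    bound = (65536 // len(ALPHABET)) * len(ALPHABET)
    chars, i = [], 0
    while len(chars) < length and i + 1 < len(raw):
        v = (raw[i] << 8) | raw[i + 1]
        i += 2
        if v < bound:
            chars.append(ALPHABET[v % len(ALPHABET)])
    return "".join(chars) if len(chars) == length else None


def meets_policy(pw: str, min_length: int = 16) -> bool:
    """Complexity check: minimum length and one of each character class."""
    return (
        len(pw) >= min_length
        and any(c in LOWER for c in pw)
        and any(c in UPPER for c in pw)
        and any(c in DIGITS for c in pw)
        and any(c in SYMBOLS for c in pw)
    )


def derive_password(license_secret: bytes, account: str, version: int = 1,
                    length: int = 24) -> str:
    """Regenerate the password for `account` from the device secret.

    Nothing is stored: the same (secret, account, version) always yields the
    same password, and a different secret or version yields an unrelated one.
    The `attempt` counter makes the policy retry loop deterministic too.
    """
    if length < 16:
        raise ValueError("policy requires at least 16 characters")
    prk = hmac.new(_EXTRACT_SALT, license_secret, hashlib.sha256).digest()
    for attempt in range(64):
        info = f"{account}\x00{version}\x00{attempt}".encode()
        raw = _hkdf_expand(prk, info, length * 4)
        pw = _to_password(raw, length)
        if pw is not None and meets_policy(pw, length):
            return pw
    raise RuntimeError("could not derive a policy-compliant password")


def help_desk_reset(account: str, current_version: int) -> int:
    """A reset is just a version bump recorded next to the account name.
    The help desk never handles the secret, so it never sees a password."""
    return current_version + 1


if __name__ == "__main__":
    v = 1
    first = derive_password(SAMPLE_LICENSE_SECRET, "vpn.example", v)
    assert first == derive_password(SAMPLE_LICENSE_SECRET, "vpn.example", v)
    v = help_desk_reset("vpn.example", v)
    second = derive_password(SAMPLE_LICENSE_SECRET, "vpn.example", v)
    print("regenerated:", first, "after reset:", second, "policy ok:", meets_policy(second))
```

The point to take from the example is the data flow, not the specific KDF: the device secret is the only input that must be protected, the account label and version can be kept in an ordinary directory, and a reset changes a public counter rather than exposing any password to the person performing it.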
EZPD helps organizations in many industries comply with GDPR because its unique technology and license file options make it possible to protect:
- Classified files
- Internet accounts
- Network access
- Secure file exchange between clients or colleagues
Download a free trial of EZPD to see how the software can protect your company from falling victim to a GDPR penalty.