Yesterday, June 08th 2018 the ICO announced they have fined The British and Foreign Bible Society £100,000 for a data breach. While the fine is not as high as the well publicised maximum fines available to the ICO to hand-out £100,000 is a lot of money for any organisation to afford for something easily avoidable. The ICO gave the following details on the data breach:
Supporter details were kept on an insufficiently secured internal network, and in 2009 the Society created a service account on the same network. This account, which was configured in such a way as to provide inappropriate remote access rights to the network, was only secured with an easy-to-guess password.
This was an easily avoidable fine, by simply implementing a minimum password complexity requirement the hackers would not have been able to take advantage of the weak credentials and plant the malware. A best practice for choosing secure passwords as advised by GCHQ is to use three random words:
Hard to guess. Three well-chosen random words can be quite memorable but not easy to guess. It provides a good compromise between protection and usability.
We would advise using the above method, ensuring the three words are not related in anyway and adding a Symbol & a number to the mix. Alternatively, use a password generator such as: