Yes, Changing Your Password DOES Matter in Preventing Cyber Attacks

By Kyle Rankin, Chief Information Security Officer

In the past few weeks, we've witnessed firsthand the devastating impact of cyber threats on a business in our industry, leading to significant disruptions for many others. The financial repercussions alone are expected to reach tens of millions of dollars, if not more.

As CCC's Chief Information Security Officer, it's my job to safeguard the CCC solutions you rely on daily from potential attackers, but maintaining safe systems is a collaborative effort where you also play a crucial role.

One simple but often overlooked action you can take is updating your password. A common question we hear from our customers is, "There isn't anything in my system a hacker would want, so why do I have to change my password?" The reality is, there are several reasons why regularly updating your password is important:

  • Your shop has attractive data: Every work file in your system likely contains personal information, such as names, phone numbers, email addresses, and possibly insurance details.
  • Hacks will happen: It's a matter of when, not if. Keeping the same, simple password increases your vulnerability. A compromised password, often without your knowledge, can lead to significant issues. It doesn't have to be a large-scale corporate data breach; even a bad actor guessing your password can cause harm.
  • Limit damage: Regularly changing your password helps cut off unauthorized access if your password has been compromised without your knowledge.
  • Compliance requirements: If your business participates in an insurer's direct repair program, there may be agreements in place that require you to protect consumer information. Regular password updates are part of maintaining compliance with these agreements.
Password Best Practices

It pains me to write this, but "123456" is used as a password by roughly 2.5 million people and can be cracked in less than a second. Hackers often use programs to get into accounts, which often use the simplest and most common passwords first.

By following these best practices, you help protect our shared digital environment:

  1. Change Passwords Frequently: Changing passwords every 30, 60, or 90 days is a best practice for data security in any business. Regularly changing your password reduces risk by cutting off unauthorized access to your system and customer data if your password has been compromised.
  2. Choose a Strong Password: Complex, difficult to guess passwords are considered the strongest. CCC ONE® follows these best practices for password complexity to enhance security, too:
  • Minimum of 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • No spaces
  • No special characters
  • Cannot contain parts of your username
  • Cannot be one of the last 5 passwords
  • Cannot be a common password (e.g., "Password")

Data security and password safety are more critical than ever, especially in industries like collision repair, where customer and business data are at stake. Adopting strong password hygiene practices is essential for protecting data, safeguarding your business’s reputation, and maintaining customer trust.

To learn more about data protection, click here for some practical suggestions from my colleague Dan Risley.