Recent major cyber breaches highlight that there’s still much more to be done when it comes to educating employees about security best practices.
Take Deloitte, for example, which was hit with a cyberattack earlier this year. Its systems were compromised through an administrator account that was protected by a password alone, with no multi-factor authentication. As a result, the attacker had unrestricted privileged access to internal files, exposing the emails, usernames, passwords and personal details of Deloitte's large blue-chip clients.
The lesson here is simple: you can never be too careful. A robust privileged access management solution, with multi-factor authentication enforced on every privileged account, would have made this breach far harder to pull off. But security also comes from simple steps, such as choosing strong passwords.
In fact, every company should be encouraging employees to set strong passwords. As an IT manager, you may have the know-how, but it doesn't always trickle down to employees.
Here are some tips and tricks worth reminding others of when it comes to cyber-hygiene.
Prefer length over complexity
A password such as Secur!tTy123 may look hard to crack to a human, but to a cracking tool it is a dictionary word ("security") with a capital letter, a common character substitution and a three-digit suffix. Tools such as hashcat and John the Ripper apply exactly those mangling rules to wordlists, so it falls quickly despite its mix of character classes. What makes a password hard to guess is the size of the space the attacker has to search, and length grows that space faster than a few sprinkled symbols do. So opt for a long passphrase of randomly chosen words, such as 'swan windmill heartbeat soccer Ryvita', over a shorter string of alphanumeric nonsense, and let a generator or dice pick the words: words you think of yourself are not random.
Spread out special characters
Most password fields require a mix of upper- and lower-case letters, digits and symbols. That is all well and good, but most people satisfy the rule in the same way: capitalize the first letter and tack a digit or symbol on the end. Cracking tools model that habit as a rule (capitalize the first letter, append "1" or "!"), so the extra characters add almost nothing to the search space. If you use symbols and digits, put them somewhere unexpected, in the middle of a word, rather than in the positions everyone else uses.
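To make the two tips above concrete, here is an added example (not code from the original article) that compares the naive charset-times-length figure a strength meter reports with the number of guesses a wordlist-plus-rules attacker actually needs, flags the "capital first, digits and symbol last" layout, and builds a passphrase from a word list. The attacker model (a 100,000-word dictionary, each capitalized or substituted letter doubling the candidates, then digit and symbol suffixes), the substitution table and the tiny word list are assumptions chosen for illustration, not measurements.

```python
import math
import re
import secrets
from typing import Optional

# Constructed stand-in for a diceware-style word list (real lists hold 7776
# words); only the list's size enters the entropy arithmetic below.
WORDLIST = [
    "swan", "windmill", "heartbeat", "soccer", "anchor", "basil", "canyon", "dagger",
    "ember", "falcon", "garnet", "harbor", "island", "jigsaw", "kettle", "lantern",
    "meadow", "nickel", "orchid", "pebble", "quartz", "ribbon", "saddle", "timber",
    "umpire", "velvet", "walnut", "yonder", "zipper", "almond", "bronze", "cobalt",
]

# Keyboard substitutions that cracking rule sets undo (assumed, representative subset).
LEET = {"!": "i", "1": "i", "3": "e", "0": "o", "@": "a", "4": "a", "$": "s", "5": "s", "7": "t"}
SYMBOLS = 33  # printable ASCII characters that are neither letters nor digits

# Capital first letter, lowercase word, digits and symbols only at the end.
PREDICTABLE_LAYOUT = re.compile(r"^[A-Z][a-z]+[0-9]*[^A-Za-z0-9]*$")


def naive_entropy_bits(pw: str) -> float:
    """Charset size times length: the optimistic figure a strength meter reports."""
    charset = 0
    if re.search(r"[a-z]", pw):
        charset += 26
    if re.search(r"[A-Z]", pw):
        charset += 26
    if re.search(r"[0-9]", pw):
        charset += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        charset += SYMBOLS
    return len(pw) * math.log2(charset) if charset else 0.0


def rule_based_guess_bits(pw: str, dictionary_size: int = 100_000) -> Optional[float]:
    """log2 of the guesses a wordlist-plus-rules attacker needs, or None when the
    password has no single word-like core (then this model does not apply).

    Assumed attacker model: one dictionary word, each capital or substituted
    letter doubling the candidates, then a digit suffix and a symbol suffix.
    """
    m = re.fullmatch(r"(.+?)([0-9]*)([^A-Za-z0-9]*)", pw)
    if not m:
        return None
    core, digits, symbols = m.groups()
    stem = "".join(LEET.get(c, c) for c in core).lower()
    if not stem.isalpha() or len(stem) < 3:
        return None
    toggles = sum(1 for c in core if c.isupper() or c in LEET)
    guesses = dictionary_size * 2 ** toggles * 10 ** len(digits) * SYMBOLS ** len(symbols)
    return math.log2(guesses)


def is_predictable_layout(pw: str) -> bool:
    """True for the layout most people produce to satisfy complexity rules."""
    return PREDICTABLE_LAYOUT.match(pw) is not None


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Each word is an independent uniform pick, so entropy adds per word."""
    return n_words * math.log2(wordlist_size)


def generate_passphrase(n_words: int = 5, wordlist=WORDLIST) -> str:
    """Pick words with the CSPRNG-backed secrets module, never random.choice."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    for pw in ("Secur!tTy123", "Password1!"):
        print(pw, round(naive_entropy_bits(pw), 1), round(rule_based_guess_bits(pw), 1),
              is_predictable_layout(pw))
    print("5 words from 7776:", round(passphrase_entropy_bits(5, 7776), 1), generate_passphrase())
```

Run it and Secur!tTy123 scores about 79 bits by the naive count but under 30 bits once the attacker is modelled as trying "security" plus rules, and Password1! is flagged as the predictable layout. Five words drawn at random from a 7776-word list give about 65 bits that no mangling rule shortcuts, because the words themselves were chosen uniformly rather than by a person.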
Don’t force regular changes
Not long ago, many regulators and standards bodies recommended regular password changes. That is no longer considered best practice: NIST SP 800-63B (2017), for example, advises against forcing periodic changes unless there is evidence that a password has been compromised. Forced rotation encourages risky behavior: easily guessed passwords, predictable increments (Summer17 becomes Autumn17), or reusing the same password across multiple accounts. Instead, require length, screen new passwords against lists of known-breached passwords, encourage the use of a password manager, and change a password when you have reason to believe it has been exposed.
Assume nothing is private
You may think your social media profiles are locked down, but attackers can still dig out the names of your family members, pets and interests, which is why passwords built from them are weak. Likewise, don't keep your passwords in a plain-text file or spreadsheet and assume no one will find it: that is exactly what malware and an intruder on your machine look for. Pen and paper is harder to hack remotely than a Word document, though it can still be read by anyone who reaches your desk, so a password manager remains the better answer. If you do write something down, record the name of the website, your login and a clue that will jog your memory rather than the password itself.
Of course, passwords alone won't keep you fully protected. They should be backed by multi-factor authentication and sit alongside other controls, such as a privileged access management solution. Combined with regular training, these lower the risk of a breach and help stop your organization from becoming the next Equifax.
For more advice on protecting against privileged account hacks, download this whitepaper.