Passwords Passwords Everywhere…
The growth of cyber-attacks is well documented and every single cyber security enterprise is talking about Cyber Resilience to improve your business’ security posture. The term is being used so much and yet we are still not really helping the average technology user understand the importance or exactly what it means and what they can do to lower their risk.
Often the focus on corporate risks and acceptable use policies is lost on the end user. Constantly referring only to the policy will not influence the user to adjust behaviour. In order to make real change we need to focus more on procedures, steps and the personal impact of better cyber hygiene to help our users be more secure. When our users know what to do and what to look out for, they will be better protected at home and automatically by association more secure at work.
This series will discuss the pressing aspects of cyber security and try to cover these issues in a way that will make sense to the non-technical user. It is amazing how making small adjustments can positively influence the behaviour of our users and improve security at the same time. When the user makes the changes themselves, positive results follow.
Today we look at passwords and before anybody says that passwords are not the best form of security, are outdated and the like, the truth is that we live in an interconnected world and every single system we interact with needs a password. Every system, cloud storage, app and network we place our information and login credentials into increases our risk landscape.
When you use a single password for every platform, a breach of one is a breach of all of them. You may practice safe cyber activity and still have your credentials compromised in a third-party app that has poor security measures.
A password policy is not only something that you should have in the office. It is a good idea to come up with, follow and assess compliance to a policy for your personal passwords as well. This policy (work or home) must be practical for your situation. Have a look at the systems and platforms that you work with and follow the policy to ensure password security.
- Will you make use of a password manager? Ensure that it is secure and use it correctly.
- How often will you change your passwords? Will you only do this when something is compromised, twice a year, quarterly? Whatever your decision is, this is your policy and make sure you follow it.
- How will you monitor for compliance and breaches? Please ensure that you keep your eyes open for breach notifications, update managers and regularly check for multiple online sessions or logins on all your platforms.
- Register for a breach notification service on your personal email accounts.
- Contract a service to monitor and search for stolen, compromised and leaked credentials online and on the cyber underground. Breaches happen every single day and knowing that credentials have been part of a breach allows you to take the required steps to stay secure.
- Implement multi-factor authentication on every platform possible. The reality is that the extra 2 or 3 seconds it takes to punch in the code or verify the login is far simpler than trying to recover data, chase lost money or explain how your credentials were used to drop ransomware on those around you.
I still suggest that you make sure your passwords are unique to you, but with the growing number of platforms and passwords take the steps necessary to secure yourself. Follow your policy.
If you need any advice or wish to add to this information, please get in touch with me. I am always happy to discuss real and practical methods to remain cyber secure.
John Mc Loughlin
- Hits: 255