Hackers only need one good set of leaked credentials to access an employee account. If hackers access credentials that belong to current employees, they can use their accounts to move around your organization undetected. Even if a user is no longer with your organization, their account may still be active. If that former employee had privileges, such as access to financial information, a hacker with their credentials will also have access. The potential consequences of stolen credentials include direct financial loss, damage to brand reputation, loss of intellectual property, etc. Organizations must understand the threat of credential theft and take action to defend against it.
Protect Your Accounts and Password
Protecting user accounts is incredibly important and failing to have a good password can put your organization at risk. Here’s how you can protect your user accounts and passwords.
Keep Track of Accounts
Employees use several tools and programs daily to conduct their work. This means that employees have several accounts that are outside of the corporate network but are still integrated with the organization. These accounts can also be breached and be used to move laterally into your organization. Organizations need to ensure that they keep track of the additional tools they use and that user permissions for these third-party accounts are recorded. Once a user leaves your organization, it’s important their access to these tools are removed in addition to their corporate account.
Use Multi-factor Authentication
Multi factor authentication involves using a secondary verification method in addition to a password. This typically includes methods such as sending a code to a mobile number or secondary email account that needs to be entered after your password. In some cases, people use a hardware key that they insert into their computer for verification. You should use multi factor authentication wherever you can. This adds an extra layer of security, and most websites support the use of multi factor authentication.
Implement a Good Password Policy
The best way to ensure the passwords within your network are protected is to implement a password policy. Every new account should be required to set a new password that adheres to your password policy. Things to cover in your policy include making sure passwords are changed regularly (such as expiring every 90 days) and that all passwords reach a certain length (such as at least 8 letters long) and feature alphanumeric characters.
Use Unique Passwords
Encourage employees to not use easy to guess passwords, such as brand names, names of famous people or their birthday. The best way to make a password unique is to use a memorable phrase instead of sequential numbers on a keyboard or common acronyms. Each of your accounts should also have different passwords. That way if one password is leaked in a breach, a hacker can’t reuse that password across other accounts.
Navigate the Web Safely
Hackers can also trick employees into giving up their account credentials through social engineering tactics, such as impersonating an authority or brand. Here’s how employees can avoid social engineering attacks.
Security Awareness Training
Awareness is key to fighting off cybercriminals. Cyber awareness training can help employees develop an understanding of common cyber threats and help them build good security habits to help protect your organization.
Double Check Everything
Before clicking on links or responding to emails, ensure that the email is legitimate. Things to look out for include the sender’s email address, a sense of urgency in the email message and bad grammar/spelling errors. If an email includes a link, hover over it instead of clicking on it to see if the URL looks legitimate. If you are unsure of the veracity of an email, it’s best to contact the person directly.
Be aware of the information you are releasing on the internet and the consequences it can have. It’s easy for cyber criminals to take innocuous and innocent information and use it to craft targeted phishing messages.
Improve Your Security Posture
Our turnkey solutions combine industry leading technology with our expert security teams to protect your organization. Monitor against threats with a 24/7/365 operations centre staffed with live agents who remediate and review security alerts. We will provide regular reports and recommendations to help improve your overall security.
Hackers attack every 39 seconds, on average 2,244 times a day
AN AVERAGE OF 10,573 MALICIOUS MOBILE APPs WERE BLOCKED PER DAY.
it takes 279 days to identify and contain a breach.
Speak to one of our Program Managers today, to learn how to improve your security posture