A Kaspersky Lab survey finds that 75 percent of respondents report that the number of passwords they have to manage causes them stress, which may explain why there are 23.2 million accounts using “123456” as a password and three million accounts using “password” as a password.
In addition, 68 percent report they are stressed about data breaches—even though nearly a third of them admit they use the same passwords for either all or most of their online accounts.
The threat of poor password protection is ongoing. In a recent attack, hackers had access to Citrix networks for six months before they were discovered. The intrusion was a result of password spraying: a brute-force attack that tries commonly used passwords against accounts that weren’t protected by two-factor authentication. Since today is World Password Day, it may be a good time for organizations to think about password security (or the lack of it) and how they will protect and recover data if there is a breach.
Here are some steps your organization can take to increase password security and protect data:
- Stop password sharing. A SurveyMonkey report finds that one third of the more than 1,500 adults surveyed share passwords or accounts with coworkers, mostly as a way to collaborate. Such practices leave organizations open to data being stolen or altered, and can leave access in the hands of employees who have left the organization. Some solutions include linking passwords to a worker’s email account, enabling multi-factor authentication when possible, and encouraging long passwords over complex ones.
- Implement password management. LogMeIn finds in a survey of 43,000 organizations that the larger the organization, the lower its security score on average. The reason: It’s more difficult for larger companies to hold employees to password security standards, which can open the door to dangerous password behaviors. LogMeIn finds that one year after implementing a password manager, most companies boosted their security score by an average of nearly 15 points.
- Be proactive. Andrew Avanessian, author of “The Endpoint Security Paradox,” says that he recommends “spending less time trying to close the door after the horse has bolted” and instead creating a multi-layered approach to security. For example, he recommends that organizations incorporate solutions like patching, application whitelisting, and privilege management, “which will help limit the pathways for malware to obtain sensitive data.”
- Scrutinize backups. Storing data in multiple locations can risk exposure, but it also helps to ensure your data is preserved even if there is a significant data loss, advises John Grimm of nCipher Security. Encryption, identity management and access control are important steps for backups because they help organizations always think about how data is exposed and what can be done to reduce the threat, he says.
- Test, test, test. Any backup plan needs to be tested routinely and fully documented so that each employee understands his or her role in the event of a cyberattack. Also consider if the test backup is meeting the organization’s objectives. For example, a test backup for a bank needs to ensure data can be recovered for compliance, audit, and legal while healthcare companies need to focus on security, retention, and legal requirements.