Jun 19, 2013

Passwords are a Weakness for Businesses, with Potentially Disastrous Consequences

Companies large and small are faced with a growing burden: how to manage shared access to an ever-increasing number of services and data, across a workforce that is more mobile and digitally connected than ever before. In the interest of efficiency and productivity, the security implications of shared and weak passwords are often overlooked, leaving the company open to significant risks.

Shared social media accounts are a prime example. A number of recent hacks highlight some of the serious consequences for the affected brands.

In the case of The Onion, the Syrian Electronic Army targeted team members with phishing attacks, collecting their Twitter credentials and then using them to log in to @TheOnion and post content, including a meme.

Or take the recent hack of the Associated Press' Twitter account. The perpetrator's tweet about a potential bomb at the White House negatively affected financial markets, with the Dow dropping drastically.

Hacks of social media accounts are embarrassing and can damage a company's reputation, spread malware to others, and affect the company's financials or even the greater financial markets. There's also time lost in recovering from the situation and issuing apologies.

But social media teams are not the only ones with something to lose. Companies need to improve password practices and shared access to accounts all around, because the next compromised account may be something even more critical than the company's Facebook page or Twitter handle.

It's difficult to inspire employees to change the way they handle passwords. How we use and manage passwords in our personal lives affects how we use and manage them at work, which is to say, most of us are not doing the password thing right. The only logical solution is for companies to implement a password management system with tools and features that allow employees to painlessly manage their data and share access to accounts.

That's where LastPass Enterprise comes in. Only with a system that effectively blends SSO and SAML with secure password vaulting can a company effectively manage access and reduce the risk that passwords pose. Enterprise offers the same core functionality as the standard LastPass product, but with extensive administrative capabilities and robust sharing features for easily assigning, reassigning, and monitoring company data across individuals, functional teams, and the entire organization. Not to mention, with LastPass Enterprise, administrators are able to enforce high security standards - without asking too much of their employees.

After incidents like the above Twitter hacks, there was much talk of Twitter implementing multifactor (or two-factor) authentication in an effort to help brands better protect their accounts. But in the end, businesses themselves have just as much, if not more, responsibility to be proactive in protecting their data and assets. Strong passwords and standardized authentication practices would have gone a long way in preventing these attacks.