It’s already the second week of National Cybersecurity Awareness Month! We hope you’ve been following the #CyberAware conversation on social media and utilizing our NCSAM toolkit to educate your employees. This week’s theme is “Cybersecurity in the Workplace is Everyone’s Business”, and it’s a perfect time to talk about the intersection of personal and business password hygiene.
Personal passwords impact work security, too
Let’s face it, your personal password habits aren’t just “personal” – they also impact how you handle your work passwords. Given that those habits are often not very secure, IT teams need to account for that in their security strategy.
When it comes to online security, it only takes one employee or one password to cause a massive data breach. And that password could be a personal one, not work-related, that grants entry to attackers. We’ve seen it time and time again. A large organization gets hacked because an employee is reusing his social media password on work accounts!
Social media passwords are an easy way in
Take Mandiant, a major cybersecurity firm that was recently hacked through an employee’s social media account – his own personal social media account. But because he reused that password on work accounts, the hackers were able to access not just his social media, but also sensitive internal company data.
But Mandiant isn’t alone. We’re seeing an unfortunate trend of companies being hacked through their social media accounts. HBO. Enigma. Sony. All three companies were hacked in August through stolen social media credentials.
Hackers recognize this is an easy way to get access. Most likely, these social media credentials were stolen via older, large-scale breaches such as LinkedIn or MySpace, and those same passwords were reused on other accounts. Given the fact that 81% of data breaches are due to weak/reused passwords, the reality is – companies must consider and secure every single employee’s passwords, on every single site and app, whether they work in IT or marketing or HR.
Better passwords require a better approach
If you think about the type of information and data in your employer’s records, like social security numbers, driver’s license numbers, addresses, etc., it’s a hacker’s goldmine. We have to take it upon ourselves to think about how businesses are protecting themselves against cyber threats and the steps businesses should be taking, if they’re not already, to keep that data secure.
Deploying a password manager, like LastPass, gives each employee a vault to store their passwords, gives IT visibility into password hygiene, and allows IT to enforce security policies to help protect against a similar attack at their company. Our recent study with Ovum revealed 76% of employees experience regular password usage problems, and at the same time nearly three-quarters said they would want to use a tool to help store and access passwords without needing to remember each one, if their company offered a solution.
This month, take action to protect your business by educating your employees about the risk they could be subjecting the company to and providing them with a simple password management solution.