Passwords keep data safe and secure. Simple. However, in the words of Alexander Pope, “To err is human”, and with regard to security credentials, this has never been truer!
Generally, we as people like to keep things simple; for example, we tend to keep passwords simple, memorable and short. Long and complex words or numbers are just too much effort to first think up and then to keep in memory. Furthermore, we like our credentials to be universal across all our devices, applications and accounts.
Is this safe? Hmmm… Well, here are three ways that data can be compromised...
- Hacked Credentials – In cases such as this, a hacker has full access to and control of whatever account or application they have hacked into. How to combat this? Well… the best way is to combat it at the source. Your password must be of optimum strength: use a mix of lower-case and upper-case letters, numbers and special characters.
- Only give admin access to those who need it! – OK, so I know what you’re saying: ‘This is obvious’. Well, yes, it is. But giving admin access out too freely is the quickest way to lose control of your system. Credentials should be kept secret and available only to a select number of people, and admin credentials should only be used when admin rights are necessary to complete a task. Monitoring when they are used and who used them helps to retain control of who has permissions for what applications.
- Malware and Bad Links – This can happen through authorised personnel clicking a bad link which drops malware or ransomware into the network. This is becoming a more common cause of malware attacks as the ‘Bad Links’ look more and more realistic. This means that the captured devices can be stripped of data, for example passwords, credit card details etc. In these instances, the user is totally unaware of any breach and the repercussions can take days or weeks to be felt.
We all need a bit of help to combat these threats: specialised solutions to combat specialised attacks.
Protective software such as the Rapid7 User Insight system utilises intelligence to gauge network activity and detect a breach or something out of normal working practice. This puts the business back in control, enabling the IT team to understand when an attack or compromise may take place and empowering them to take the necessary steps to avoid any disruptions or compromises within the network.