By: Chris Stoneff, VP Technical Management, Lieberman Software
The last Verizon Data Breach Investigations Report stated that 63% of data breaches involved cyber criminals using weak, default or stolen passwords to access information they shouldn’t. With this in mind, it’s good to remember that being a small business is no excuse for poor password security. This is especially so when it comes to the administrator passwords that protect access to the most sensitive areas of a company’s network, like file stores and corporate email. When these credentials are compromised by bad guys, it becomes easier for them to move around the network, infiltrate critical systems and even gain access to your valuable customer data.
Stolen credentials are one of the easiest ways to exploit small businesses. Many Small and Medium Enterprises (SMEs) may think they don’t have the budgets or the means for effective cyber security. However, small businesses that think they are too insignificant to warrant proper cyber security efforts need to carefully consider who their customers are and how unhappy they would be if their data were compromised. When we look back at Target, one of the biggest data breaches of all time, the breach was discovered to have come through one of Target’s small third-party vendors with weak passwords that never changed.
At a bare minimum, companies need to make sure that employees rotate passwords and don’t reuse the ones they use for their personal online accounts. Passwords should be strong: more than 8 characters, with upper and lower case characters as well as numbers.
For those that struggle with endless strings of passwords, there are also affordable Privileged Account Management products that can automate time-consuming manual password changes to ease IT administration burdens. By changing passwords faster than intruders can exploit them, these security products provide real-time containment of attacks that breach the perimeter, and prevent anonymous “nesting” on the network.
Large enterprises are taking cyber security seriously and are getting harder to breach. Hackers have historically always taken the path of least resistance. If that path is via a smaller business with tempting customers, you better believe they will take the easy route. Getting a few basics right, like password security, will go a long way to protecting even the smallest business.