The names of their children or the football team they support, coupled with the year of their birth… When it comes to creating online passwords, plenty of people don’t try all that hard to be creative.
Many are also big on recycling – using the same weak combination of letters and numbers to secure multiple online accounts. From a cyber-security perspective, that can be a disaster waiting to happen, particularly if yours is one of the thousands of Australian businesses that have sent their teams home to work during the coronavirus crisis, without ensuring adequate protection measures were in place to support a secure remote working model.
Remote working Russian Roulette?
These organisations are playing a form of high-tech Russian roulette. Allowing multiple employees to log on to the corporate network from various locations, via a myriad of devices, creates an environment that is challenging for IT security staff to monitor – and one in which attackers can slip under the radar more easily.
Weak or compromised credentials are the cause of 80 percent of hacking-related breaches, according to Verizon’s 2019 Data Breach Investigations Report. If an individual uses the same credentials across several services – their social media accounts and your corporate network, for example – then their problem can quickly become yours. Attackers are well aware of the reuse factor and, once they have someone’s credentials in hand, it’s an easy matter to try their luck plugging them into as many sites as possible, in the hope of a hit.
Rising risks in the time of coronavirus
And yes, you should be worried because, in 2020, bad actors are busier than ever, taking advantage of the disruption and uncertainty COVID-19 has created to trick people into parting with their credentials.
The Australian Cyber Security Centre has reported a surge in activity since the pandemic began, with individuals being flooded with COVID-themed malicious activities, scams, and deceptive email schemes.
“These incidents are likely to increase in frequency and severity over the coming weeks and months. This is due, in part, to the ease in which existing scam emails and texts can be modified with a COVID-19 theme”, the agency noted in an advisory bulletin.
Australian businesses are also in the sights of malefactors, as never before. In June, they were warned by Prime Minister Scott Morrison to be on their guard against ongoing cyber-attacks targeting local organisations across a range of sectors.
An easy way to boost password security
All of this creates a compelling use case for the password manager. This surprisingly under-utilised tool can help businesses and individuals generate longer and stronger passwords and store them securely in an online encrypted vault. Once saved, individuals can use those passwords to log in automatically to regularly accessed sites.
Password manager users must enter a master password to access and change entries and, should a compromise occur, they can change the affected passwords quickly and easily. Adding two-factor authentication – preferably linked to employees’ phones to keep the log-in process straightforward and swift – creates a further layer of security for those random, tough-to-crack alpha-numeric strings.
Typically, password manager programs can sync to the cloud, thereby providing protection to employees whenever and wherever they log in.
Securing your enterprise for a brighter future
Australian businesses are enduring enormous uncertainty and extraordinarily difficult economic conditions, courtesy of the coronavirus crisis. There could be no worse time to suffer an expensive and disruptive data breach. Taking simple steps to improve your cyber-security posture will reduce the chances of this occurring and put your organisation in a better position to operate safely and emerge even stronger in the long run.
Jim Cook, ANZ Regional Director, Attivo Networks