If you are in the habit of using the same password for all your online accounts, you might end up becoming a cyber-attack victim!
2012 was fabulous on many counts, but when it comes to information security, it was indeed a year of high-profile security breaches and identity thefts across the globe. Individual users and mighty enterprises alike have fallen prey to hackers. High-profile cyber-attack victims this year include Zappos.com, one of the largest online retailers dealing with shoes and apparel; LinkedIn, Dropbox and numerous others.
And in early December 2012, a shocking report revealed that a disgruntled IT administrator at a Swiss-based spy agency had allegedly downloaded terabytes of counter-terrorism information shared among the intelligence agencies in the US and UK and was looking to sell it to foreign and commercial buyers.
If you dig into most of the cyber-security incidents reported this year, you will realize that password reuse and insider threats have emerged as the most dangerous IT security issues in 2012. Incidentally, the solution to combat both issues lies in deploying a Password Manager!
Password Reuse Affects All – Individuals & Enterprises Alike
With even tech-savvy users tending to reuse the same password across many IT applications and websites, identity theft at one place leads to a compromise at numerous other places. Nowadays, it is quite common for users to use the same login credentials for multiple sites—social media, banking, brokerage and other business accounts. If the password gets exposed in any of the sites, in all probability hackers would be able to easily gain access to all your other accounts too.
If you have the habit of using a single master password for all your accounts, be prepared for security surprises and shocks!
It is always prudent to have a unique password for every website and application and to supply each one ONLY on its own site/app. When there is news of a password exposure or hack, you can just change the password for that site/app alone. Changing passwords frequently is always a great habit to have.
But here comes the problem: you will have to remember multiple passwords, sometimes in the order of tens or even hundreds. It is quite likely that you will forget passwords and, on the occasion you need them most, struggle to log in.
The way out: Use a Password Manager
Just as you have an email account, consider using a password management application too. In order to combat cyber-threats, proper password management should ideally become a way of life. Password Managers help securely store all your logins and passwords in a centralized repository. In addition, you get an option to launch a direct connection to websites / applications from the password vault’s GUI itself. This saves you even the ‘Copy & Paste’ task: logging in is just a click away. Once you deploy a Password Manager, you can say goodbye to password fatigue and security lapses.
Insider Threat – The Emerging Issue for Businesses
Password Managers can safeguard business enterprises from yet another emerging threat. As things stand today, the biggest threat to the information security of your enterprise might be germinating right inside your organization. The business and reputation of some of the world’s mightiest organizations have been shattered in the past by a handful of malicious insiders, including disgruntled staff, greedy techies and sacked employees.
In most of the reported cases of cyber sabotage, misuse of privileged access to critical IT infrastructure has served as the ‘hacking channel’ for malicious insiders to wreak havoc on the confidentiality, integrity and availability of the organization’s information systems, resulting in huge financial losses. In government agencies, insider threats might even jeopardize the security of the nation.
It is common to see organizations storing privileged passwords that grant virtually unlimited access privileges in a haphazard manner in volatile sources like paper, text files and Excel sheets. Lack of internal controls, access restrictions, centralised management, accountability and strong policies and, to cap it all, a haphazard style of privileged password storage and management make the organization a paradise for malicious insiders.
Tightening Internal Controls – Need of the Hour
One of the effective ways to combat insider threats is to tighten internal controls. Access to IT resources should be strictly based on job roles and responsibilities. Access restrictions alone are not enough. There should be clear-cut trails on ‘who’ accessed ‘what’ and ‘when’.
Internal controls can be bolstered in organizations by automating the entire life cycle of privileged password management and enforcing best practices. Enterprise Password Management Solutions help achieve precisely this.
Deploying a password management solution would indeed be the best start towards information security this year!