Since a record number of people started working from home in 2020, there has been a massive rise in data breaches. These have occurred in all types of companies, organizations, and even government agencies. In fact, 42% of IT and security managers have shared the occurrence of breaches in their organizations due to user password compromise. While breaches happen, it’s becoming more frequent than it should.
When creating our passwords, there are generally two types of people. There are those who think they’re safe by coming up with passwords that include a range of different numbers, letters, and symbols. Then there are those who use the same simple password for everything to avoid resetting when it’s forgotten. The reality is, while those who put thought and effort into their passwords may be marginally safer, both types are still at risk. You may not even know that your password was compromised. Websites like I Have Been Pwned are helpful to see if your email address and password have been compromised in a data breach. But as you likely know, finding out months later isn’t all that helpful.
Getting that dreaded notice that your account has been compromised is an awful feeling. Especially if you’ve been using the same password across all your accounts. It’s tedious going through every account to try to quickly change your password before there is any negative impact. The reality is that all businesses of all sizes and types are at risk. The key is doing everything you can to reduce your organization’s risk level as much as possible. But how do you do that across an entire organization or company?
The dark web can seem ominous, especially if you’re not familiar with it, which is the case for most people. While monitoring the dark web may not be your area of expertise, many MSPs offer dark web monitoring for their business accounts to take this task on for you. This way, you can rest assured that someone is keeping an eye out on the dark web for any compromising information. When your MSP adds this to your subscription, you will be notified of potential websites and companies that were breached. Also, you will be provided with action steps to take, such as changing your password. Unfortunately, without this, you may never find out that there was a breach or know that you need to change your passwords until it’s too late.
Because managing passwords across all your accounts is a challenge, password managers can be highly beneficial. Even if you have a utility to manage large passphrases a breach is still possible, although it does make it easier to deal with changes. Password managers like LastPass allow you to easily manage your passwords and quickly make any necessary changes if a breach were to occur. With a service like LastPass, you can manage employee access. Even when they aren’t in the office, you can grant access to applications with the flexibility to revoke access if needed. It’s a great way to enhance your company’s security, especially if you have employees working remotely.
Enforcing multi-factor authentication across your organization, where possible, is essential to lowering your risk of a breach. When the option is there, make sure that you turn on two-factor or multi-factor authentication. If you don’t have access to it already, you can subscribe to a service that can be used within your business network. This can be managed along with your passwords. This way if your password does get compromised, there is little chance of a breach because of the secondary function required to access the site or network.
If you believe that your organization is not at risk, ensure you do your due diligence frequently to double-check that you’re doing everything you can to prevent a breach. The truth is, those who feel safe and like it can’t happen to them are most at risk. Those who are the most proactive at keeping their organization’s passwords secure are truly the safest. It might seem like a hassle to put all these measures into place. However, it beats having a breach within your organization and coping with the negative impact that could have. If you’d like to discuss adding these types of protections to your organization, LammTech would be happy to discuss the best course of action for you.