You’ve got too much going on just trying to keep your business or organization profitable to worry about every new security exploit that compromises not only your assets but, by extension, your clients’ trust.
Case in point, password manager OneLogin was recently hacked by an actor that accessed a set of Amazon Web Services (AWS) keys that allowed them to possibly decrypt encrypted data. And even more alarming, a defense contractor stored United States intelligence data in the AWS cloud completely unprotected. In the case of OneLogin, a number of personal accounts were at risk, but a large number of users likely stored work passwords, as well, that could have been extracted from the breach.
If you follow the news at all, you know breaches are a regular occurrence. Some trivial, some not. These events happen in all industries. The most dedicated practitioners of web security face issues like this, which means the average person is even more at risk. However, one positive effect of these breaches is that people in general are becoming more knowledgeable about security. A simple breach has the power to teach people what to do to protect their identities and access to their sensitive information.
In many cases where personal information or accounts are breached, there is a powerful tool that can assist in improving fundamental security: two-factor authentication. This is where a web service sends you a code via email or text to validate a new login. While security experts have found that text and email authentication isn’t without faults, it’s better than the username/password combination alone. By using two-factor authentication, you create a second obstacle to a hacker seeking to use your compromised credentials.
Also, pay attention to the nature of any potentially compromised accounts. Certain accounts may have the ability to do things like:
Remember: a compromised account has the appearance of a communication coming from you. How do you mitigate this risk? Don’t access your privileged accounts (anything using your monetary or personally identifiable information) unless absolutely necessary. Further, if you keep your passwords unique, security questions distinct, and recovery options completely different between everyday accounts and privileged accounts, you can limit your exposure to hacked passwords.
Finally, use best practices for password security. Create a password that is complex and uses upper case letters, numbers, and special characters. The longer a password is, the better: a longer password takes a brute-force password program longer to guess.
Password and account security at work should follow the same best practices. Ideally, these practices are centrally managed by your IT department, which provides employees with a secure working environment that protects company resources. Control and management systems for accounts and passwords are critical to environments where compliance and security are significant concerns. In other environments, the emphasis may fall on users to practice better password usage, eliminate account sharing, and attend to other facets of enhanced account security.
Whether at work, or protecting your own accounts, it’s important to practice awareness and understand how modern security is working to protect information from the eyes and computers of hackers around the world.