editor’s question

CHRIS KUBIC, CISO, FIDELIS CYBERSECURITY

According to the data from Verizon’s 2019 Data Breach Report, 80% of breaches are a result of compromised passwords. In order to prevent hacking and data breaches in the new decade, businesses must invest in establishing a secure and efficient password security approach. Companies should utilise best practices, enforce necessary policies and procedures, and implement them business-wide.

Here is a list of the top five password security best practices that will allow businesses to decrease and prevent attacks.
1. Reference US National Institute of Standards and Technology (NIST) guidance. In 2019, NIST issued updated password security recommendations based on input from across the government, industry and academia. For the update, NIST made a number of significant changes to make it easier on users so that they would pick easy-to-remember but hard-to-guess passwords and would hopefully not reuse the same password across multiple accounts.
2. Employees should use hard-to-guess passwords. A password should have a minimum of eight characters using two or more of the following: uppercase letters, lowercase letters, numbers and special characters. To make it easy for you to remember but hard for an attacker to guess, create a passphrase. For example, pick a phrase that is meaningful to you, such as ‘Charleston, SC is a great place to visit’. Using that phrase as your guide, you might use CSCiaGR8p2v! for your password. Where available, and particularly for your more sensitive accounts, use Two Factor Authentication (2FA) to augment the security of your password.
3. Employees should use different passwords for different accounts. If one password becomes compromised, your other accounts are not compromised. I would suggest using a password manager to store and manage your passwords. This eliminates the need to remember and/or write down your passwords. It’s also important that you do not share your passwords with others or display them in public areas. It is ultimately the end-user’s responsibility to safeguard their passwords, although businesses should take steps to ensure awareness and compliance.
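The length-and-character-class rule in point 2 and the "different password per account" advice in point 3 can both be checked mechanically over the contents of a password manager vault. The following is an added example, not code from the column or from Fidelis: it implements exactly the rule stated above (at least eight characters, at least two of the four character classes), reports any password that appears under more than one account, and runs over a small constructed vault whose account names and passwords are hypothetical. The column's own CSCiaGR8p2v! example is included to show that it passes.

```python
import hashlib
import string
from collections import defaultdict

# Policy as stated in the column: at least eight characters drawn from
# at least two of the four classes (uppercase, lowercase, digit, special).
MIN_LENGTH = 8
MIN_CLASSES = 2


def character_classes(password: str) -> set:
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("uppercase")
        elif ch.islower():
            classes.add("lowercase")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("special")
    return classes


def policy_violations(password: str) -> list:
    """List the reasons a password fails the stated policy; empty means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = character_classes(password)
    if len(classes) < MIN_CLASSES:
        problems.append(
            f"uses {len(classes)} character class(es); needs at least {MIN_CLASSES}"
        )
    return problems


def reused_passwords(vault: dict) -> dict:
    """Map a password hash to the accounts sharing it, keeping only hashes
    used by more than one account. Hashing keeps plaintext out of the report."""
    by_hash = defaultdict(list)
    for account, password in vault.items():
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_hash[digest].append(account)
    return {d: sorted(a) for d, a in by_hash.items() if len(a) > 1}


def audit_vault(vault: dict) -> dict:
    """Per-account report combining the policy check and the reuse check."""
    report = {account: policy_violations(pw) for account, pw in vault.items()}
    for accounts in reused_passwords(vault).values():
        for account in accounts:
            report[account].append(
                "password reused across accounts: " + ", ".join(accounts)
            )
    return report


# Constructed sample vault: hypothetical accounts, not real credentials.
SAMPLE_VAULT = {
    "email": "CSCiaGR8p2v!",   # the column's passphrase-derived example
    "vpn": "CSCiaGR8p2v!",     # same password reused, so it is flagged
    "payroll": "password",     # eight characters but a single class
    "printer": "Ab1!",         # four classes but too short
}

if __name__ == "__main__":
    for account, problems in audit_vault(SAMPLE_VAULT).items():
        print(f"{account}: {'OK' if not problems else '; '.join(problems)}")
```

Run as a script it prints one line per account; imported, `audit_vault` returns the same findings as data so they can feed an awareness report. Note that the reuse check only sees what is in the vault, so it cannot find reuse with a password that was never stored in the manager.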
4. Change the default password on all your network devices. Have you recently bought new devices for your office? Be sure to check if they came with a default password set by the manufacturer. Often the default password will be the first one tried by an attacker. It is important to do this for everything connected to your business network – routers, Wi-Fi access points, security cameras, printers, Internet of Things (IoT) devices, etc.
5. Two Factor Authentication. Two Factor Authentication complements and strengthens password security and should be a consideration for every organisation.
Issue 22 | www.intelligentciso.com