What's the Best Way to Solve Weak Password Problems?

One of the major IT security problems at a business (regardless of size) is access security. Passwords are often the only thing keeping hackers out of everything from company cloud storage accounts to remote server access.

Passwords are also coming under attack more often than ever before. In the most recent Verizon Data Breach Investigations Report (DBIR), it was found that in 2019:

  • 77% of cloud account breaches were due to compromised passwords
  • Password dumpers became the #1 malware used in breaches
  • Theft of passwords was the #1 target of phishing emails

The problem that many companies have with passwords being the weak link in their cybersecurity strategy is that they are controlled by a user. Users will often create weak passwords so that they are easier for them to remember and because they simply have too many passwords to juggle.

Employees at small businesses have as many as 85 different passwords to keep track of.

Too many passwords to remember and the need for strong and unique passwords are generally in conflict with one another. The result of that conflict is often poor password security.

However, there are some best practices that your Connecticut business can put in place to solve this dilemma and improve your access security.

Best Practices for Secure Passwords & Improved IT Security

Make Multi-Factor Authentication a Requirement

Two factors are better than one when it comes to your account security. Multi-factor authentication (MFA) makes it much more difficult for a hacker to gain access to your data even if they have the user password.

When you enable MFA for all of your accounts, this adds the additional requirement of a time-sensitive one-time use login code that is sent to a registered user device. Without that code, someone trying to login cannot gain access even if they have the right password.

This is one of the most significant protections that you can put in place to keep your accounts secure. According to Microsoft, it blocks 99.9% of attempted fraudulent account sign-ins.

Use a Business Password Manager

There are so many passwords to remember that employees inevitably end up going through the “lost my password” process multiple times in a month. One report found that on average 11 hours per year per employee is lost due to resetting passwords.

A business password manager can solve this problem as well as keep employee passwords more secure by ensuring that they are not reused and are following strong password practices (combination of letters, numbers, symbols, etc.).

Benefits of a business password manager:

  • Securely keeps all passwords in a vault
  • Uses local encryption for security
  • Employees only have to remember one password to access all passwords
  • Businesses will not get locked out of company accounts if an employee leaves unexpectedly
  • Can be used to securely store all types of information (company credit cards, FTP details, etc.)

Deploy a Network Access Control System

Companies have multiple endpoints connecting to their network from a variety of places. Many employees now work remotely at least part of the time which can complicate network security if the proper controls are not in place.

A network access control system allows you to use more sophisticated password challenge factors to ensure that only those users that should be in your system are allowed in.

This includes things like location-based access management which can automatically block a user that is outside a designated country or region. It can also add additional challenge questions if a user is logging in from a different IP address than usual.

Another way that a network access control system can improve cybersecurity is through the ability to easily revoke employee access to all business apps during the offboarding process.

Use the Rule of Least Privilege

Not all user accounts are the same when hacked by a cyber attacker. For example, a compromised user account that doesn’t have access to copy, edit or delete files limits what the hacker can do.

On the other hand, if the hacker gains access to a user account that has administrative privileges then it is like hitting the lottery. They can do things like change security settings, access data and add or remove users.

You reduce your risk in the case of a password breach by using the Rule of Least Privilege. This means that you should always give users the lowest system access level that you can while still allowing them to do their job.

It is also a good idea to use a single dedicated administrator account for any admin tasks on a system or in a cloud platform instead of granting a standard user account admin-level privileges.

Admins simply log into the single dedicated account when doing admin duties and then log out when they are finished and log back into their normal user account.

Get Digital & Physical Access Control Solutions at Sound Computers

We have reliable and powerful access control solutions both for digital and physical access security.

Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.

January 12, 2021
Sound Computers Admin