Improving password security amid rising threats

The classic IT security protocol ‘username and password’ has become increasingly vulnerable to cyber attacks in recent years. According to recent research, account takeovers are becoming increasingly common, with nearly a third of American adults losing control of a digital account by 2023. A quarter of these were business accounts or accounts used for both personal and business use. Social media accounts were the most frequently hacked, with banking and email apps in second and third place. And 70% of hacked accounts were ‘protected’ by a password that the owner had reused elsewhere.

This is a serious wake-up call for organizations of all sizes. Not only are business accounts themselves at risk of direct takeover, but as the lines between personal and business IT become increasingly blurred, business systems can easily be compromised through the use of personal accounts on business devices or the use of personal devices for business purposes. And if you’re not disciplined about password reuse, something as simple as sharing your streaming password with a few friends can cost your company both financially and reputationally: if they’re not careful with it and it falls into the wrong hands, it won’t be long before hackers exploit this weakness.

In short, we can no longer rely solely on passwords to maintain good cybersecurity hygiene in organizations. Bad actors are adept at using a variety of methods to decrypt passwords and breach systems. As a result, passwords need to be supplemented with additional layers of security. Let’s take a look at some of the key strategies organizations can deploy to improve their defenses against password-stealing exploits and ensure their systems remain secure in an increasingly challenging landscape.

Thomas Epp

IT product specialist at LG.

Mobile device management and the importance of single sign-on

First, it’s important to develop a strong mobile device management policy. Such a policy helps strengthen the security of apps and the hardware they run on, determines how they are connected and ensures that there is as little chance of a breach as possible.

As part of strong mobile device management, single sign-on can be a useful way to balance security and usability. This allows users to log into multiple different apps with one set of credentials. A common example is using a single Google or Microsoft login to access email, word processing, spreadsheets, and slide-creation apps. The benefit of a robust single sign-on system is that companies can mandate a 90-day password change policy, and the system will effectively change all your passwords for all your apps, keeping them fresh and up to date. Even apps that aren’t used often get password resets regularly.

Single sign-on can also be expanded with two-factor authentication (2FA) or multi-factor authentication (MFA). When you log in, you will be required to enter a one-time password that will be sent to your work phone number or email address. This reduces the chance that hackers can take over your account simply by having access to your password. MFA also alerts the user if someone tries to log in, so that if it isn’t the user making the request, he or she will know someone is trying to break in. It is also possible to strengthen passwords by requiring them to be used in combination with a particular device, or the correct fingerprint.

Biometrics, fingerprints and innovations in identity security

Powerful innovations in biometric technologies and AI-powered smart security can also complement passwords and support users in taking additional measures that protect their online identity. For example, face, eye and gaze detection can be used to intuitively lock and unlock screens when users look away. AI can also help immediately identify unusual activity and alert consumers to potential breaches. For example, laptops running Windows 11 with integrated Windows Hello make it possible to unlock the computer with biometric data such as facial recognition using an IR-enabled webcam, in line with common use on smartphones.

Manage an attack

Containerization is also an important method of protecting hardware used for both personal and business needs. It allows companies to distribute storage on employees’ devices, virtually dividing the disk to achieve separate storage for corporate data and personal data on the same device. As a result, if something is compromised by, for example, personal use of an insecure app, containerization will limit the risk to personal apps, protecting corporate data.

If companies have good mobile device management software in place, any work-related files or apps can be remotely wiped from the device when the employee leaves. This reduces the risk of sensitive data being accidentally (or maliciously) leaked after their departure.

Train employees to stay on the line

Which leads to an important point: All the technology in the world won’t save companies from breaches if their employees aren’t properly trained in good security practices. Improving security comes down to employee awareness and training: doing the hard work of assigning a user a default password and training them on why updating it regularly is important.

One way to improve employee training outcomes is to use gamification. This drives participation and encourages all employees to care about and contribute to a strong cybersecurity culture. A basic example of gamification is encouraging participation through rewards such as winning tickets to major events or online shopping vouchers for those who complete the required training.

Organizations can conduct simulated phishing exercises and send fake phishing emails to see if employees fall for it. If staff not only evades the attack, but detects it and reports it correctly, they are rewarded in the same way – and as a result, good security practices are encouraged that go beyond the sense that they serve the greater security interest. It may sound a bit mercenary, but it’s ultimately a lot cheaper to recognize good security practices than it is to fix bad security practices.

Why passwords will eventually become obsolete

It’s entirely possible that the days of the simple password are numbered. In many breaches, passwords are the point of failure. Although brute force attacks are rarely used today, hackers have developed social engineering attacks to extract information from people: getting them on the phone and requesting information they are often happy to reveal, then guessing their password. Biometrics is the most promising alternative – both in terms of fingerprints or facial scans and behavioral biometrics, including analysis of how you type, move your mouse and how you interact with your device.

These types of preventive measures can give both businesses and employees the opportunity to practice safe security and better protect their online identity and presence.


This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
