Page 74 - Cyber Defense eMagazine for June 2021
can be as simple as a user providing their password, then entering an accompanying numeric
code from an SMS text.
● Set passwords for personal devices – Personal devices are on the rise in a remote-work
environment and are particularly vulnerable to data theft, so encourage your employees to
password-protect them.
● Change your Wi-Fi password regularly – Remember that potential hackers are often working
from home, just like us. If you haven’t updated your Wi-Fi password recently, do it immediately.
● Establish mandatory password rotations – Greatly reduce exploitation of default and
easily-guessable employee credentials by making your employees change their passwords regularly.
● Update your account lockout requirements – Prevent brute force password attacks by
immediately locking out access points after several failed login attempts.”
Jon Clemenson, director, Information Security, TokenEx
“Despite technology trends moving toward risk-based authentication, passwords are likely to remain in
play for some time. Considering this, World Password Day provides the perfect opportunity to reiterate
strong password policies that are vital to both personal and business security. Cybercriminals often reuse
credentials from password dumps found online, commonly referred to as credential stuffing, to access
sensitive data. That tactic combined with using simple passwords does not provide appropriate data
protection. We ask users not to repurpose passwords across websites, and instead, institute lengthy and
unique complex passwords whenever possible in conjunction with two-factor authentication.
Further, malware and other attack methods can completely bypass passwords, which is especially
concerning during remote work. Before cyber thieves can advance on your credentials, we recommend
using password managers to auto-generate strong passwords, or moving to biometric or physical keys
for authentication, which are more secure than using passwords. For sensitive data like credit card
numbers or other personal info, businesses can remove that data from systems entirely using
tokenization. That way, if a hacker does access company systems, they won't steal any useful
information.
Finally, to rise above being a ‘low-hanging fruit’ target for a malicious actor, good password hygiene
practices like not sharing or reusing passwords are vital. Investing the time to take one extra step to
secure your data is invaluable when compared to the fallout of a data breach.”
Glenn Veil, VP, engineering, Wisetail
"Passwords play a critical, ongoing role in different aspects of our lives. In our personal lives, they provide
a layer of defense against fraud and identity theft. In the workplace, they defend us against a breach of
sensitive company or customer data. At Wisetail, we implement policies, standards and guidelines around
credential security, but the key is to create awareness and sensitivity in our employees through education
and training.
Here are some tips we recommend to protect yourself and your business from cyberattacks: