Password management needs a rethink
By Industry Contributor 18 May 2022 | Categories: newsBy Geshan Naicker, IT Manager at Itec
With technology integrated into every facet of an organisation, there are massive consequences if systems go down, regardless of the size or industry sector of a business. Over the years, I have seen my share of the IT challenges companies face daily. However, these extend beyond the operational to include cybersecurity concerns as well.
According to Interpol’s African Cyberthreat Assessment Report 2021, online scams perpetrated through phishing, mass mailing, and social engineering are the most significant cyberthreats on the continent today. As part of this, digital extortion targeting individuals through direct blackmail campaigns and Business Email Compromise (BEC) have also become prominent as more companies embrace digital transformation efforts to keep employees connected in a distributed work environment.
Closer to home, malware attacks in South Africa are continually on the rise with the country seeing a 100% increase in mobile banking app fraud and a 22% increase in general malware attacks, according to the Accenture Cyberthreat Landscape in SA report.
Unfortunately, no organisation has the same level of IT maturity and there is no silver bullet that can solve all cybersecurity concerns. Whether it is working with an older generation more set in their ways or a younger one that can easily adapt to the new environment, business and technology leaders must rethink their approach to cybersecurity. It all begins with the humble password.
Basics done right
Much of the secret behind successful password management comes down to keeping employees informed about the importance of security and the consequences to themselves and the business if their passwords are compromised.
Such has the pervasiveness of cyberattacks become, that no company can consider itself safe from a breach. This makes education of staff integral to any password management interventions that are applied.
A company can have the most sophisticated cybersecurity solutions and well-thought-out defensive strategies in place, but if an employee clicks on a compromised email link or opens a malicious attachment, the network will be compromised. In fact, many security vendors have shifted attention away from selling solutions to better enable companies to strengthen the human firewall. This concept centres on making the individual employee at a business more aware of what constitutes cybersecurity best practice.
Home fortress
This is especially important when considering how many people are logging in to the corporate network from their home or the friendly neighbourhood coffee shop Wi-Fi. Of course, our collective mobile dependency is resulting in a more productive workforce, more flexible working hours, and the opportunity to balance our job duties with our family time.
In this dynamic, it becomes vital to make passwords and cybersecurity hygiene as easy as possible to do without people feeling they are being inconvenienced by the measures implemented. In this regard, incremental changes can often mean the difference between strengthened security posture and a potential catastrophic failure.
Over the years, I have seen this approach to be one of the best ways to ensure success when it comes to cybersecurity. For example, a company might start with something as straightforward as having employee passwords expire after 30 days. Following this, a gradual increase in password complexity can be implemented, such as using a combination of uppercase, lowercase, and special characters.
While this will make great inroads to improving the home fortress, whether it is the company or personal network, there is another approach to consider. By removing the administrative rights on laptops, companies can decrease their risk of compromise by almost 95%. This also mitigates the damage caused by Shadow IT or if the device is compromised by a cyberthreat.
An evolving dynamic
The rise of cloud-based collaboration tools like Microsoft 365, Google Docs, and others mean local businesses must understand the difference of on-premises security to cloud-based environments. While the cloud has been positioned as a more secure platform, there are security aspects to be considered.
The product offering used by the service provider might have improved security than what a company can do from an on-premises perspective, but people still need to access online systems using a password. This process therefore is only as secure as the password management behind it. If the company does not prioritise how password strategies are defined, they could soon be dealing with a breach that could have a disastrous financial and reputational impact on the longevity of the business.
So, while humble, the password remains as important today, as it was 30 days ago, and will be in 30 days to come.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?