Passwords remain the most common way of stealing data
Most data thefts at present rely on passwords that are either stolen or weak. If you reuse your passwords, for example, you expose yourself and the company to a higher risk of a breach. We are also trained to create passwords safely: they must not be too short, and so on. But even though we have a good idea of how secure passwords should be constructed, there are still loopholes through which they can be obtained.
Among the available security functions is two-factor or multi-factor authentication, a simple way of getting extra protection against a breach caused by your employees’ login details being stolen. Many companies are now very much aware that multi-factor authentication is important, but have not got as far as implementing it in their own IT environment.
Find out more about how you can increase security with multi-factor authentication.
If users have to identify themselves in an extra step, through an app on their mobile (preferably) or a text message to their mobile, it is more difficult for a hacker to log into your systems using just a stolen identity or password.
If you are not currently using MFA, an implementation should be your top priority from an IT security perspective!
Different kinds of password-related breaches:
To explain the importance of implementing multi-factor authentication (MFA), we highlight here three ways of accessing sensitive business information through a stolen password, and where MFA can provide extra protection:
Password spraying
This is when an attacker tries to log into a system by testing one or two of the most common passwords against a large number of accounts. For example, the attacker collects hundreds of thousands of Swedish email addresses and tries the common password “Summer2019!” with all of them. Does the password provide protection here? No, as the password is so common that there is a very high probability that some of these accounts will be hacked. Once more, MFA would provide very good protection here.
Credential Stuffing
This is when hackers obtain lists or databases of passwords, enabling them to log into your systems. Users make life easier for the hacker by using the same password in several places. In this case you cannot protect yourself against a breach, as the hacker has access to the password, unless you have MFA activated, for example.
Phishing
This is when a user is tricked into disclosing their login details with the aid of a stolen identity: someone pretends to be someone else in an email and asks the user to click on a link, log in to a system, etc. This means that the user discloses their password to the person mounting the attack.
Conditional access
In Microsoft’s world of security functions there is Conditional Access, which is a way of checking users and their location, devices, applications, etc. and verifying them before allowing access to applications or data. You can implement policies for restricted access, request MFA or block access depending on whether you are in the office, working from home or are outside these zones. Conditional Access offers good basic protection to prevent unauthorised parties from accessing company data.
We often use Conditional Access to block old protocols (e.g. POP, IMAP, SMTP) that do not support MFA. Old protocols are an extremely common line of attack.
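The following is an added example, not part of the original article: detection logic that reviews sign-in events for the password spraying pattern described above (one source failing against many accounts with few attempts on each) and reports whether the old protocols were used. The log format, field order, thresholds and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sign-in events: timestamp, source IP, account, protocol, result.
SAMPLE_LOG = """\
2019-07-01T08:00:01 203.0.113.5 anna@example.com IMAP FAIL
2019-07-01T08:00:40 203.0.113.5 bjorn@example.com IMAP FAIL
2019-07-01T08:01:15 203.0.113.5 carin@example.com IMAP FAIL
2019-07-01T08:01:50 203.0.113.5 david@example.com IMAP SUCCESS
2019-07-01T08:02:30 203.0.113.5 elsa@example.com IMAP FAIL
2019-07-01T08:03:00 198.51.100.7 frida@example.com HTTPS FAIL
2019-07-01T08:03:45 198.51.100.7 frida@example.com HTTPS SUCCESS
"""
LEGACY = {"POP", "IMAP", "SMTP"}  # the old protocols named in the text

def parse(log):
    """Turn each log line into (time, ip, account, protocol, result)."""
    for line in log.strip().splitlines():
        ts, ip, user, proto, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, proto, result

def find_spraying(events, window=timedelta(minutes=10), min_accounts=4, max_tries=2):
    """Flag sources failing against many accounts with few tries on each."""
    by_ip = defaultdict(list)
    for event in sorted(events):
        by_ip[event[1]].append(event)
    findings = []
    for ip, rows in by_ip.items():
        fails = [r for r in rows if r[4] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Slide the window so it only covers failures close in time.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            tries = defaultdict(int)
            for row in fails[start:end + 1]:
                tries[row[2]] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                findings.append({
                    "ip": ip,
                    "targeted": sorted(tries),
                    # A success from the same source means a guessed password.
                    "logged_in": sorted({r[2] for r in rows if r[4] == "SUCCESS"}),
                    "legacy": sorted({r[3] for r in rows if r[3] in LEGACY}),
                })
                break
    return findings

if __name__ == "__main__":
    for finding in find_spraying(parse(SAMPLE_LOG)):
        print(finding)
```

On the sample events, the single user who mistypes a password and then logs in is not flagged, while the source that touches many accounts over IMAP is, together with the account it managed to log into.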
Do you want us to help you review the security level in your IT environment today? Feel free to leave your contact details in this form, and we will contact you for a security review in which we will take a look, free of charge, at how you can increase security in your current environment.