HomePasswords remain the most common way of stealing data

Passwords remain the most common way of stealing data

Most of all data thefts at present are based on passwords that are either stolen or weak. If you reuse your passwords, for example, you expose yourself and the company to a higher risk of a breach. We are also trained in creating passwords safely; they must not be too short, and so on. But even though we have a good idea of how safely structured passwords should be created, there are loopholes through which they can still be accessed.    

The world of security functions has twin-factor or multi-factor authentication, which is a simple way of making sure you have extra protection against any breach through your employees’ login details being stolen. It is a fact that many companies are now very much aware that multi-factor authentication is important, but have not got as far as implementing it in their own IT environment.  

Find out more about how you can increase security with multi-factor authentication.

If users have to identify themselves in an extra step through an app in their mobile (preferably) or a text message to their mobile, it is more difficult for a hacker to log into your systems using just a stolen identity or password.   

If you are not currently using MFA, an implementation should be your top priority from an IT security perspective! 

Different kinds of password-related breaches:  

To explain the importance of implementing multi-factor authentication (MFA), we will highlight here three ways of accessing sensitive business information through a stolen password, and where MFA can provide extra protection:  

When you try to log into a system by testing one or two of the most common passwords with a large number of accounts. For example, you collect hundreds of thousands of Swedish email addresses and run the common password “Summer2019!” with all of them. Does the password function here? No, as the password is so common that there is a very high probability that some of these accounts will be hacked. Once more, MFA would provide very good protection here. 

This is when hackers access lists or databases with passwords, enabling them to log into your systems. The user can then make life easier for the hacker by using the same password in several places. In this case you cannot protect yourself against a breach, as the hacker has access to the password. Unless you have MFA activated, for example.  

When a user is tricked into disclosing their login details with the aid of a stolen identity, as someone pretends to be someone else in an email and asks the user to click on a link, login into a system, etc. This means that the user discloses their password to the person mounting the attack.   

Conditional access
In Microsoft’s world of security functions there is Conditional Access, which is a way of checking users and their location, devices, applications, etc. and verifying them before allowing access to applications or data. You can implement policies for restricted access, request MFA or block access depending on whether you are in the office, working from home or are outside these zones. Conditional Access offers good basic protection to prevent unauthorised parties from accessing company data.   

We often use Conditional Access to block old protocols (e.g. POP, IMAP, SMTP) that do not support MFA. Old protocols are an extremely common line of attack. 

Do you want us to help you review the security level in your IT environment today? Feel free to leave your contact details in this form, and we will contact you for a security review in which we will take a look, free of charge, at how you can increase security in your current environment.   

Book a security review

Jesper Neumann
Cloud Solution Architect, Borås
Read more

More articles by Jesper

Passwords remain the most common way of stealing data

Read more

Do you want to get in touch?

We love customer dialogues and challenges. Contact us and we will help you!

  • Avsnittsavdelare

  • Avsnittsavdelare

This website uses cookies and personal data

When you visit https://nordlo.com, we at Nordlo Group AB use cookies and your personal data. Some cookies and some processing of personal data are necessary, while you choose whether to consent to others. You make your choice below. Your consent is entirely voluntary.

You have certain rights, such as the right to withdraw your consent and the right to lodge a complaint with a supervisory authority. Read more in our cookie policy and our privacy policy.

Manage your cookie-settings

Cookies and personal data that we use for analysis

To analyse how you use our website, we use cookies from Google and HubSpot's analytics service. We also process your personal data, e.g. your encrypted IP address, your geographical location and other information about how you use the website. 

Cookies and personal data that we use for marketing

We use cookies and your personal data to display relevant marketing and to follow up on such marketing when you visit other websites or social media. We do this with the aid of Google, Facebook, HubSpot and LinkedIn. The personal data that we process for marketing purposes include your IP address, information about how you use the website and information that these services already have about you.  

Ad measurement user cookies

In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data