Wait… Affects the firm’s security?? Our firm doesn’t ever stay at a Marriott or an SPG hotel, so surely we are not at risk… are we?? Unfortunately, the truth is that yes, your firm’s data is still at risk, and now more than ever. Even if as a company you always stay somewhere else. Even if your company never travels for business. Why? How?? Let’s dive in and take a look.
Just recently, a survey put out by LastPass by LogMeIn revealed some startling findings about users and their passwords. Even with the increased threat landscape and the heightened awareness of cyber threats in the world today, it would appear that most people have not changed their bad habits. After reviewing this latest research, we have come to the conclusion that there are three main reasons why a security breach like the one with the Marriott poses an immediate risk not only to the people whose accounts got hacked, but also to their places of business.
- 1) 62% of people reuse the same password for work and personal accounts.
This fact alone puts your company at risk as soon as one of your employees is part of a data breach. With the majority of people using the same password for work that they use for their personal accounts, and with survey respondents having between 1 and 20 online accounts, the potential to have that data stolen increases exponentially.
- 2) 59% reuse the same passwords across multiple accounts.
So not only are people using the same password for work and personal accounts, they are using the same password for ALL of their accounts. Yikes! Fear of forgetfulness was the number one reason for reuse, followed by wanting to know and be in control of their passwords. Many online sites use a combination of an email address and password for login information. If your employees (or you) are using their work email address and the same password they use to get logged into your network, how easy is it now for the bad guys to access all your firm’s data? They just found the key under the mat on your front porch.
- 3) 53% of the respondents confess to not changing their passwords in the past 12 months.
The extra scary part of this is that I would be willing to bet there are many people who never change their passwords unless a site forces them to do so. Think about this for a minute… If a person’s password has been breached, do you suspect they even know it’s been breached? Sometimes maybe, but certainly not always. Marriott just announced it to let everyone know, but they also admitted that they have been breached unknowingly since 2014. So if the bad guys stole your employee’s password a year ago, the employee didn’t know it, AND they haven’t changed their password in over a year… then the bad guys had free access to your network and data for the last year and you didn’t know it. Super yikes!!
Each one of these stats alone poses a serious threat to your organization. Considering they actually ALL hold true for the majority of people… your employees… possibly you… it is easier than ever for your network and your data to be breached as a result.
To make it even worse, did you know there is a place out there where all of this breached data gets bought and sold to more and more bad guys every day? It’s called the Dark Web, and it’s as nefarious as it sounds. So you’re not just worried about the specific bad guys that breached the Marriott. You have to worry about ALL of the bad actors out there because the access to your network, the keys to your data, just went up for sale.
So how about some good news… The good news is there are lots of different things you can do to help protect yourselves and your firm. For starters, don’t be guilty of any of the 3 things mentioned above. And next, know that security is all about layers. The more layers you have, the better protected you are.
One of those layers that we at DCNC feel is an absolute must in today’s world is Dark Web ID. This wonderful service that we offer combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for your organization’s compromised or stolen employee and customer data. With Dark Web ID, if one of your employees’ usernames and passwords gets breached, and then shows up on the Dark Web, you will know it and be alerted. And now you can reach out and force that compromised employee to immediately change all of their passwords. Boom, you just changed the locks on the bad guys. Their “key” to your network and your data no longer works, and you are that much more secure because of it!
Article by Derek Burnham, 12/7/2018