COVID-19 has changed the way we work in 2020 and for the foreseeable future. Working from home is now the new normal and many organizations took advantage of free trials and special offers to secure their workforce as a quick fix at the beginning of the global pandemic. Although, on reflection now, were those deals as good as they promised to be? Varying levels of software came under scrutiny as they became weak links to opening up gateways to companies’ IT infrastructure for hackers to infiltrate.
With more users needing to be accommodated through SaaS applications and VPNs for corporate networks, the demand for systems to be safe became more paramount and with every system, it starts with identifying yourself before proceeding on any secure platform. Staff have set themselves up at home but have become guilty of using the same passwords for both personal and work accounts for ease and convenience and this is one of the first points of attack for cybercriminals. Cybersecurity bodies across the world including NCSC and Interpol have reached out to both end-users and CISO’s advising of the importance of ensuring strong PINs or passwords and setting up Multi-Factor Authentication.
Interpol has advised that among the most common cyberattacks on remote workers are phishing (read Authlogics blog about the dangers of corporate phishing), malware and ransomware whilst TechRadar reported the recent discovery of Agent Tesla malware that now has new variants and modules with the ability to steal passwords and credentials from a range of popular apps including Google Chrome, Chromium, Safari, Mozilla Firefox, Microsoft Edge, Opera, Microsoft Outlook, Mozilla Thunderbird, OpenVPN and more as well as VPN software, and FTP and email clients. While some people may be able to choose good VPN options outside of work scenarios (with many looking into VPNCompass Omegle unbanned options for their downtime), in the professional environment most have to make do with what they are given.
According to IBM, the average global cost per data breach stands at $3.86 million for organizations, and with the current circumstances, the Healthcare industry being the main target. This has risen significantly since more organizations become vulnerable to staff being away from the office environment.
Authlogics recently conducted a survey that shockingly revealed that staff are continuing to share passwords and are heavily reliant on helpdesks unlocking accounts and resetting passwords:
- A staggering 60% call the helpdesk every 2-6 weeks to reset a password or unlock an account.
- 13% are sharing their passwords with colleagues.
- Only 43% have any form of password security in place.
- The majority are interested in biometric authentication as nearly half (47%) do not use MFA to protect their login process.
- 57% were aware that their organization had experienced a breach.
The Impact On You
Do you need to know how vulnerable your organization’s IT infrastructure is from identity and password-based attacks?
Are your staff putting your company at risk?
You can start by finding out what breach data is publicly available here: http://passwordbreach.com/
Furthermore, Authlogics provide an Active Directory Password Audit which produces a detailed report highlighting the risks and issues with your actual AD user accounts. This report can be run remotely in minutes to identify people using breached passwords, using AD passwords on other public web sites, finds accounts sharing the same password, and has a breakdown per-user.
Don’t become one of the ‘remote’ statistics, secure your staff’s logins from afar. Protect your organization from weak passwords with Authlogics Password Security Management.
Authlogics Password Security Management (PSM) simplifies passwords by removing the complexity, preventing breached passwords via real-time and scheduled checking. The PSM stops accounts sharing passwords and offers automatic remediation with a user self-service password reset web portal and OTP.
Find out more, contact the Authlogics Team:
T: +44 (0)1344 568900