Lessons in Cyber-Hygiene: Securing Employee Passwords

By James M. Paulino II Esq. and Meghan A. Collins Esq. of Goldberg Segalla

The human element remains a significant threat vector for institutions of all sizes, and management is well advised to take proactive steps to educate employees and implement effective “cyber-hygiene” policies for all of them, both to minimize the risks associated with the range of social engineering tactics, from phishing to inadvertent disclosures, and to curb the opportunities for plain old mistakes.

Password protection is among the most obvious areas for improvement in the world of cyber-hygiene. In a recent survey of 750 IT administrators and company “decision makers” sponsored by CyberArk and conducted by Vanson Bourne, 40 percent of organizations reported using a Microsoft Word document or spreadsheet to store administrative passwords, and another 28 percent of those polled use either a shared server or USB stick to store this sensitive information. Surprisingly, 67 percent of respondents felt their organizations had strong, secure cybersecurity leadership.

Even if an organization does not serve passwords on a “silver platter” in the form of a Word document or Excel spreadsheet, few implement the most basic security protocols, including mandatory password changes and character requirements. Based on an analysis of over 2 million leaked passwords, the five most common are dangerously simple:
  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
As summarized by John Worrall, CMO of CyberArk: “Organizations undermine their own efforts by failing to enforce well-known security best practices around potential vulnerabilities associated with privileged accounts, third-party vendor access and data stored in the cloud.”

While external threats may be unavoidable, organizations can take simple steps to minimize, or eliminate, obvious security risks from within. Taking steps, no matter how small, to teach employees basic “cyber-hygiene” in the area of password protection, including securing administrative passwords outside the easy grasp of attackers, changing passwords frequently, and securing USB drives/sticks, will give your organization the best chance to minimize the “human element” among cyber-threats.

For more information, please contact James at jpaulino@goldbergsegalla.com - (585)295-8351 or Meghan at mcollins@goldbergsegalla.com - (312)572.8426
