Protecting your organisation’s network from breached passwords
Poor password security is one of the leading causes of data breaches within organisations. It is estimated that a staggering 25% of employees are using the same password for all of their logins, including work and personal accounts. If these reused passwords are breached in one location, they can compromise every other account they are used on, making workplace networks vulnerable. Breached passwords may also be available on the dark web through a data breach that included password details. Here, hackers can acquire the passwords and then target company networks. As such, the continued use of compromised passwords by employees poses a significant risk to organisations. But there are effective ways you can protect your organisation’s network from these breached passwords.
Implementing effective password security
Password policy and training
Your organisation’s password policy should form part of your overall cyber security policy. An effective password policy will look at how to mitigate the burden of passwords on employees, rather than placing emphasis on regular password creation. Studies have shown that forcing employees to create their own complex passwords, and change them regularly, is ineffective and can even increase the likelihood of easily breakable passwords being used on sensitive accounts. Instead, organisations should look to other more effective approaches to access, such as reducing the need for multiple passwords through Single Sign-On systems, using machine-generated passwords and password management software, and introducing other authentication methods. Reducing the need for user generated passwords will, in turn, reduce the likelihood of breached passwords appearing on an organisation’s network.
Although mitigating password use is the aim, cyber security training is still a vital tool in improving password security behaviours of staff and keeping them up-to-date on continually changing threats.
Inactive accounts
Inactive accounts on an organisation’s Active Directory can pose a significant problem. As the passwords used on these dormant accounts are rarely, if ever, updated they are more likely to become breached passwords, creating an open door for hackers. IT should regularly monitor the accounts on their network to check for, and deactivate, inactive accounts.
However, even these measures may not protect your organisation’s network from breached passwords, especially as employees may be unaware a password has become compromised. It only takes one breached password for a hacker to gain access to your network, so the presence of compromised passwords needs to be checking regularly.
Testing for breached passwords
The only way to truly know if breached passwords are appearing on your network’s Active Directory is to undertake a Breached Password Test. This test will check if any passwords on your organisation’s directory are in the public domain and if any company domains have been part of a data breach that included passwords. Through this test you can then take action immediately to remove those compromised passwords and protect your organisation’s network.
[Click here to take the Breached Password Test]
If you would like to speak to us about any aspect of this article, contact Andrew Wayman at andrew.wayman@sdt.co.uk or call our office on +44 (0)1344 870062.