What happens when an employee goes rogue? If they have passwords to business accounts, they can cause a lot of harm in a small time span. Do you know how to protect against this?
A disgruntled employee can mean more than a bad review on Glassdoor.com – with access to your data, they can cause a lot of damage. That’s why password management solutions and policies are so important.
At first glance, the thought of an internal threat posed by a business’ employees can seem laughable, especially to managers and business owners. They know their staff members, right?
These are people that see each other every day. They get drinks after work here and there. They ask each other about their lives. How likely could that kind of security threat really be?
An “inside job” can seem more akin to a bad Lifetime movie or a schlocky thriller plot.
But the reality? It’s far more common than you could imagine.
The fact is that other security threats – malware, ransomware, phishing, viruses, etc. – simply have more traction with the public’s attention than an insider threat does.
WannaCry was one of the biggest cybercrime stories of the century, and will likely hold on to that title until the next external-threat-based incident makes the news.
Because it makes more sense.
It’s easier to imagine a lone hacker sitting in a basement, targeting a business with their home-brewed cyber weapons than it is to think about what a disgruntled employee might do once they build up the nerve – whether you’re working with a Colorado Springs IT company for cybersecurity, or managing your passwords on your own.
The fact is that insider threats are one of the more common security threats, and often cost the most to fix after the fact. According to the Ponemon Institute’s Cost of Inside Threats Study and Insider Threat Report:
You’re not going to like the answer, but you need to hear it…
You (and your weak password policies) make your employees a serious threat.
The fact is that no matter the circumstances under which an employee is fired, if they still have your passwords, they can take revenge and do serious damage.
Try as you might to terminate someone on good terms, ultimately, how they react is out of your control. What you can control is their access to your systems and data.
That’s why password management is so important…
Despite the fact that passwords are the most direct way to access a user’s private information, most passwords in use today are not considered to be strong or complex enough – and even if they are, they aren’t updated often enough!
Passwords protect email accounts, banking information, private documents, administrator rights and more – and yet, user after user continues to make critical errors when it comes to choosing, protecting and managing their passwords.
That’s a good question.
Too rarely and you’ll find yourself threatened by ex-employees.
Too often and you’ll be wasting time with the update process, and constantly resetting passwords for employees that aren’t keeping up.
Let’s ask a few experts…
“For your corporate network account? Several times a year. […] Then use a strong, unique password on those, and change it regularly.”
– Mikko Hypponen, Chief Research Officer, F-Secure
“Passwords I use more often, over the Internet and are in sensitive sites are changed 2-3 times a year.”
– Harri Hursti, independent security researcher
Furthermore, the Better Business Bureau recommends changing passwords on a monthly basis – but some consider this to be too often.
As noted by the National Institute of Standards and Technology, the tendency to change passwords too often has had a negative effect on password security. Users have countless passwords to keep track of, and so they take other risks (simple passwords, writing them down on sticky notes, etc.) to keep up.
The bottom line is that changing your passwords too often is not the answer to protecting yourself against rogue employees – so what is?
Instead of forcing your staff to change their password every 30 days, the better way to maintain password security is to implement a few best practices as part of a documented, company-culture-centric policy:
For a more secure passphrase, you’re encouraged to combine multiple unrelated words to create the phrase, for example, “goldielittlelamb3pigs.”
By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re better able to ensure that the person using your employee’s login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.
In the end, managing a strict password policy, creating strong passwords, and using password managers can be frustrating, but it’s incredibly important. If you’re unsure about implementing these procedures, you can get a little help from a Colorado Springs IT company.
Privacy and security are major concerns for personal users and businesses alike these days, and so you have to be sure that you aren’t making it easy for hackers to access your or your business’ private data.