Would You Sell Your Company Passwords For Cash?

Passwords for cash? It sounds like a crazy idea. Why would anyone want to sell their company password for cash? Well, a recent survey by SailPoint uncovered a number of flaws in internet security practices at corporations worldwide. All of these flaws pointed to one commonality: human error or maliciousness was to blame.

The survey found that 1 in 5 respondents would sell their company passwords online to hackers for cash.  This is an alarming concept because by giving your company credentials to unscrupulous people, you are risking the identities of the people at the company.

The survey was pointing to people who had left the company and would sell their password. Yet an even more alarming trend was found: 42% of people were still able to access their accounts from their last company. This, again, puts the safety of the company's employees at risk.

In a previous post, we discussed why employees need to protect their company’s data and how they can go about doing so. The human factor is a huge challenge that makes it very difficult for companies to keep up. But there are ways for companies to protect themselves from the “human factor”.

  1. When an employee leaves, lock down their account before they leave the building. Like we said earlier, 42% of companies don’t do this. It is important to assign an IT person to either delete the accounts that the departing person holds or change their passwords, especially if that person was fired or laid off for whatever reason. Employees who leave a company not by their own choice may harbour some ill feelings for a while afterwards and may want to lash out.
  2. Enforce a password policy that requires employees not to use the same password across multiple servers. If a hacker is able to gain access to a particular company account, they will most likely try the same password on other servers such as email, financials, or other servers that hold sensitive information. Because managing passwords, especially strong passwords, is such a cumbersome task for all of us, it is important to get into the habit of using different passwords everywhere.
  3. Use strong passwords.  We just mentioned it, but it is important to get away from simple passwords and force your employees to use strong passwords.  See our previous article on how you can do this with ease.
  4. Educate and empower your employees to take ownership in cybersecurity. When employees feel empowered and valued at their workplaces, they will go the extra mile, so it’s important to empower them and educate them about how to protect the personal data that the company holds on them, such as their social security number.
  5. Invest in alternative forms of authentication. Why is it necessary to use a password? Each day advances are being made in alternative forms of authentication. First off, if you must use a password, then there are devices available that you can give your employees that will generate a random code every minute or hour, which the employee must enter at the same time as their password. Hackers won’t have access to that device unless it’s stolen. There are also other options such as fingerprint scanners, retina scanners and so on. These options are at your disposal and are becoming more and more accessible each day. Using multiple ways to authenticate at the same time is known as two-factor authentication.

So there you have it, how you can defend against human error when it comes to the cyber security of your company.  Until next time, stay safe online.
