As per Yener Adal's blog post last month, during the month of October, we ran our initial data breach awareness campaign. The results were interesting, disappointing and more than a little concerning - here’s the overview:
- The initial campaign found that 16% of the currently active accounts in our helpdesk system had one or more data breaches associated with them.
- Of these, we had a 19.88% response rate to the issue, which means almost 20% of our user base has compromised passwords publicly available.
As the business owner, manager or someone with responsibility for IT systems security, this should scare you. And if it doesn't then something is wrong!
The vast majority of employees contacted did not think the security of their account was enough of a concern to contact their IT support team, even after being informed that an email address and password combination they’ve previously used was posted publicly online. A Global Password Security Report produced by LastPass in 2018 discovered that a staggering 59% of respondents professed to reusing passwords. So it is more than likely that someone is using compromised credentials on your company network.
What makes this even worse is that, during this month of security awareness, we’ve had multiple instances of staff entering their credentials into bogus websites, having their credentials harvested and their accounts subsequently hacked.
So the takeaway here is that people do not care about their security until it is too late. Given that the potential for loss (data, financial and reputation) is a concern for the business as well as the individual, the business should do everything it can to provide services that are as secure as possible. You don’t leave the keys in the lock of the office every night, right?
What we highly recommend for ANY internet-accessible service, at a minimum, is two-factor authentication, with the second factor being a mobile phone app (the recommended option), SMS, or voice call. Any service that we recommend has this functionality built in and is very easy to set up. If you have an IT Managed Services agreement with us, we will be in touch with each of you this month regarding the specific services you use to enable this functionality, and if you don’t, we highly recommend you get in touch with us to have this enabled!
Don't wait until you've been compromised before you take action. Protect your company's data and IP like your business depends on it, because it does.