The need for an IT security risk assessment has never been greater. A comprehensive security audit will focus not only on your infrastructure, but also on your employees, the weakest link.
Your IT department may have done everything they could to enforce complex passwords, but it’s not enough. How often do you think your users set a truly unique password for their work-based applications? A comparitech.com survey in January 2022 found that 59% of users use their name or birthdate in their password and two thirds of users use the same password across multiple accounts. If a breach occurs on a single website, the attackers add those credentials to a database and frequently attempt to log in to other sites with them. They often find a match.
Imagine one of your finance users signed up for an online music streaming service using their work email address. They used the same password that they use for their business applications. The streaming service is breached, and credentials are stolen. The attackers then attempt to log in to an entire slew of online platforms, one of which is Amazon. Your user has a business Amazon account with your business credit card on file. The attacker goes on a shopping spree, and you’re left with a mess.
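The pattern described above, one source trying leaked credentials against many different accounts, leaves a recognisable trace in authentication logs: a single IP cycling through a large number of distinct usernames in a short window, with an occasional success marking the account whose password was reused. The script below is an added example written for this article, not code from PDQ IT Solutions; the log format, field names, window length and threshold are assumptions chosen for the illustration, and the log lines are constructed.

```python
"""Flag credential-stuffing patterns in web-application login logs.

Added example for this article, not PDQ IT Solutions code. The log format
(timestamp, "login", user=, src=, result=), the 5-minute window and the
5-distinct-user threshold are assumptions made for the illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: alice mistypes her own password once, while one
# source IP (198.51.100.7) walks a leaked-credential list across many accounts
# and gets one hit (dave reused his streaming-service password at work).
SAMPLE_LOG = """\
2022-03-01T09:00:01Z login user=alice src=203.0.113.10 result=fail
2022-03-01T09:00:09Z login user=alice src=203.0.113.10 result=success
2022-03-01T09:01:00Z login user=alice src=198.51.100.7 result=fail
2022-03-01T09:01:02Z login user=bob src=198.51.100.7 result=fail
2022-03-01T09:01:04Z login user=carol src=198.51.100.7 result=fail
2022-03-01T09:01:06Z login user=dave src=198.51.100.7 result=success
2022-03-01T09:01:08Z login user=erin src=198.51.100.7 result=fail
2022-03-01T09:01:10Z login user=frank src=198.51.100.7 result=fail
2022-03-01T09:01:12Z login user=grace src=198.51.100.7 result=fail
2022-03-01T09:30:00Z login user=bob src=192.0.2.44 result=success
"""


def parse_line(line):
    """Turn one assumed-format log line into a dict with a datetime timestamp."""
    ts_str, _, *kv = line.split()
    fields = dict(part.split("=", 1) for part in kv)
    return {
        "ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
        "user": fields["user"],
        "src": fields["src"],
        "result": fields["result"],
    }


def detect_stuffing(log_text, window=timedelta(minutes=5), min_distinct_users=5):
    """Return {src_ip: {"distinct_users": n, "compromised": {users}}} for every
    source that tried at least `min_distinct_users` different accounts within
    any `window`. `compromised` holds accounts that succeeded from that source
    while the spray was running; those are the first to force a reset on."""
    events = sorted(
        (parse_line(line) for line in log_text.splitlines() if line.strip()),
        key=lambda e: e["ts"],
    )
    recent = defaultdict(deque)  # src_ip -> sliding window of (ts, user, result)
    alerts = {}
    for e in events:
        q = recent[e["src"]]
        q.append((e["ts"], e["user"], e["result"]))
        # drop events older than the window so a legitimate user's occasional
        # typo over a working day never accumulates into an alert
        while q and e["ts"] - q[0][0] > window:
            q.popleft()
        distinct = {user for _, user, _ in q}
        if len(distinct) >= min_distinct_users:
            alert = alerts.setdefault(e["src"], {"distinct_users": 0, "compromised": set()})
            alert["distinct_users"] = max(alert["distinct_users"], len(distinct))
            alert["compromised"] |= {user for _, user, result in q if result == "success"}
    return alerts


if __name__ == "__main__":
    for src, info in detect_stuffing(SAMPLE_LOG).items():
        print(f"{src}: {info['distinct_users']} accounts tried, "
              f"successful logins for {sorted(info['compromised'])}")
```

Counting distinct usernames per source, rather than raw failures, is what separates this from ordinary brute-force detection: a stuffing run makes only one or two attempts per account, so per-account lockout thresholds never trigger. In a real deployment the window and threshold are tuned against the application's normal traffic, and sources behind shared NAT need a higher bar.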
Think your accounts have never been breached? Head on over to https://haveibeenpwned.com and input your email address. You might be surprised.
Users are frustrated with complex passwords. They often write their passwords down and tape them to their monitors, keyboards, and desks. Anyone roaming the office can discover these credentials. Are you confident that your employees would question an outsider wandering through your office?
Users are being socially engineered on a daily basis and do not even realize it. Fraudulent phone calls, emails, text messages – all in the hope that a user will give up their trusted login credentials or secrets. Social media is flooded with surveys that seem innocent and fun, but are really used to mine password hints. Questions like “What is your mother’s maiden name? What was the name of your first pet? Where were you born?” are frequently used as password recovery questions, so as soon as the attacker has the answers, they can begin password reset attempts against popular websites. Once successful, they will change contact preferences, email address, and password, and do whatever damage they can.
Passwords are a pain both for your users and for IT departments. Password resets make up the largest portion of IT helpdesk requests. It does not have to be so complicated. Using modern-day security implementations such as password management tools and multifactor authentication, coupled with security awareness training for your users, is key. Call PDQ IT Solutions LLC today to discuss a security risk analysis of your environment.
Citation (1) https://www.comparitech.com/blog/information-security/password-statistics/
Citation (2) https://haveibeenpwned.com