Why Depending on your Employees’ Passwords for Business Security is a Bad Idea

What’s Wrong with Employees’ Passwords?

While most company employees are hardworking and honest about taking care of their employer’s physical property – they will make sure doors are locked and alarms activated – the landscape of digital security can result in a very different story. Why? Because for many people, even people employed in tech-oriented companies, the real needs of a secure digital environment aren’t really well understood.

This is obvious enough when it comes to complex digital security issues like virus protection and remote server security, but it can also apply to some of the most basic security precautions we all use every day if we’re working online. We’re talking, of course, about password security, and it’s an area where so many employees simply don’t have a clue about what a really secure password means.

If this seems like a harsh judgment, note that according to research conducted by Verizon Communications, some 78% of all corporate data breaches are considered by hackers to be very easy, and the vast majority of them are due to employee sloppiness with passwords in particular and with other basic security measures more generally.

To give just one example of how dangerous this security negligence can be, a recent case named Fort Disco by police investigators involved a group of hackers using a relatively small 25,000-node botnet to scan the internet for vulnerable websites whose hosting server admin passwords were easy for the malware to guess: things like 123456 or people’s names.

This was a very, very simple, almost lazy hack attempt, but even so it resulted in more than 6,000 website intrusions! Of course, not all of these were the fault of employees; many website owners and small business operators are also often uninformed about password security.

The essential problem behind all of these breaches and weaknesses lies in the simple fact that employees often completely underestimate the power of software, mathematics and intruder cleverness in breaking what to an employee seems like a “hard” password. The simple truth is that even long passwords can usually be broken in just seconds or minutes with the use of dictionary attacks by password-cracking software.
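The following is an added example, not part of the original article: a screening check a business could run when a password is set, showing why length alone does not protect a password built from dictionary words or names. The wordlist is a small constructed sample, and the function names and the `MAX_WORDS` threshold are assumptions made for this illustration.

```python
import re

# Constructed sample list; a real check would load a large list of common
# passwords, dictionary words and first names.
WORDLIST = {"123456", "password", "letmein", "welcome", "dragon", "summer", "michael"}
# Character swaps that rule-based cracking tools reverse automatically.
LEET = str.maketrans("013457@$!", "oleastasi")
MAX_WORDS = 3  # assumed policy knob: reject anything built from this few known words


def simplified_forms(password):
    """Forms of a password that a dictionary attack with mangling rules also covers."""
    lowered = password.lower()
    forms = {
        lowered,
        re.sub(r"[^a-z]+$", "", lowered),           # drop trailing digits/symbols
        re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered),  # drop them at both ends
    }
    forms |= {form.translate(LEET) for form in forms}  # undo p@ssw0rd-style swaps
    return forms - {""}


def min_words(text, words=WORDLIST):
    """Fewest wordlist entries that concatenate to text, or None if impossible."""
    best = [0] + [None] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[-1]


def is_guessable(password):
    """True if the password reduces to at most MAX_WORDS wordlist entries."""
    counts = (min_words(form) for form in simplified_forms(password))
    return any(n is not None and n <= MAX_WORDS for n in counts)


if __name__ == "__main__":
    for pw in ["123456", "P@ssw0rd2013!", "Michael$ummer99", "vK9#tq2Lx!mZ"]:
        print(f"{pw!r:20} guessable={is_guessable(pw)}")
```

The 15-character `Michael$ummer99` is rejected just like `123456`, because it reduces to two entries from the list.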

This sort of negligence is an absolute joy for the kinds of online intruders who often randomly scan servers looking for weak or default passwords that employees never bothered to change and lengthen.

You can easily avoid falling victim to the same problems, especially if you happen to run a company with a small, close-knit group of employees working for you. Let’s cover some vital tips and take a look at real password security, some useful applications and something called Two Factor Authentication.

Securing your Data the Better Way

Securing your information in a way that completely circumvents potential employee laziness and forgetfulness is something that you can do quite easily with three powerful tools. With these, you don’t need to spend time giving your workers pep talks about maintaining good security, nor do you need to put effort into explaining good password security to them only to have them forget or ignore what they’ve learned anyhow.

Instead, with easy-to-use tools and procedures such as password control services, virtual private networks and two-factor authentication, you can ensure your data is safe regardless of how those who work for you behave.

Two Factor Authentication (TFA)

Your most powerful tool for protecting your valuable private network data, business-related social networking accounts, email logins and cloud storage systems will be the dead-reliable technology of two factor authentication.

TFA, as it’s called for short, is a mechanism by which, instead of simply depending on a password (whether it’s a secure password or a crappy one), you can only gain access to sensitive data in whatever storage medium by also typing in a second factor. This will normally be a one-time, single-session key that’s sent to your smartphone or a physical passkey-receiving device every time you want to log in to something.

Most online services offer TFA for free and you can easily set it up for yourself and your employees through the security settings of your email, social media, web hosting, online banking and cloud storage accounts. LinkedIn, Facebook, Gmail, Dreamhost (hosting) and GoDaddy all offer TFA free of charge as part of their web security services.

With TFA enabled, your employees can be as lazy as they like about password size and data will still remain secure because of that second passkey factor they also need to use.
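As an added illustration (not code from the original article or from any of the services named above), here is how a server can handle the one-time, single-session key described in this section: each code expires, works only once, and survives only a few wrong guesses. The class name, the 6-digit format, the five-minute lifetime and the attempt limit are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300    # assumed: a code is valid for five minutes
MAX_ATTEMPTS = 3  # assumed: wrong guesses allowed per issued code


class OneTimeCodes:
    """Hypothetical in-memory store of pending second-factor codes."""

    def __init__(self):
        self._pending = {}  # user -> [sha256(code), expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user, now=None):
        """Create a fresh 6-digit code; the caller sends it to the user's phone."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [self._digest(code), now + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, user, code, now=None):
        """Accept a code once, before it expires, within the attempt limit."""
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, _ = entry
        if now > expires_at:
            del self._pending[user]
            return False
        entry[2] -= 1
        matches = hmac.compare_digest(digest, self._digest(code))
        if matches or entry[2] == 0:
            del self._pending[user]  # used up or guessed too often
        return matches


def login(password_ok, codes, user, code, now=None):
    """The code is checked only after the password step passed; both must succeed."""
    return password_ok and codes.verify(user, code, now)
```

A correct password with a wrong or reused code is refused, which is the property the second factor adds on top of whatever password the employee chose.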

LastPass

A second tool you can use to beef up security even further, securing your passwords even if you have TFA enabled, is the service known as LastPass. It offers a system in which you use a single LastPass password to access your account with the company and from there open specific third-party accounts that LastPass administers on your behalf with their own ultra-long computer-generated passwords.

In essence, LastPass automates the process of password generation for all your different online data storage accounts and social media, making sure that you’re always using reliable passwords even if employees aren’t security conscious. LastPass also simplifies password generation enormously by requiring you to remember only a single password.

Virtual Private Network Security and TFA

Now we come to the powerful combination of virtual private networks and two factor authentication. By combining the two, you create a remarkably secure internal network where you can store your company information and keep your employees from accidentally weakening the security of this network.

VPNs are internal or external web communication networks that you and your collaborators can use to safely move data between protected storage systems in an encrypted, password secured way. By adding TFA to this secure communications and storage network, you’re creating a triple layer of security that rigorously protects your information. This is particularly the case if you’re also practicing good password security.

While this entire setup may seem simple, it really isn’t. There are numerous high quality digital security companies that offer it as a comprehensive service which you can easily set up and have running in no time. Authentify is one, as linked above, but there are also others.

About Author
Osho is a tech blogger. He contributes to the Blogging, Gadgets, Social Media and Tech News sections on TecheHow.