Anonymous is helping IT convince management to beef up network security.
Organizations like Anonymous take great pride in breaking into the networks of corporations they politically disagree with. Recently the Canadian Grand Prix, the U.S. Department of Justice and Alpha Unmanned Systems were all victimized. Whether I agree or disagree with Anonymous and their activities, they are shining a big spotlight on a problem that I have been shouting about for years, only to have it fall on deaf ears. Employees are the weakest link when it comes to network security and password management. If corporations, governments and institutions want to start beefing up their network security, then they should start by securing the “virtual front door.” Employees should not be picking, remembering, typing or even knowing network passwords. Power LogOn makes password security strong for IT and convenient for the employee.
While I personally am not a hacker, I do know some “White Hats,” and they tell me that many of the hacking methods are not that sophisticated. This is not to say that Anonymous is unsophisticated, but rather that the security of their targets is. Attacking the vulnerability of weak password management is a common modus operandi. The majority of corporate employees use the exact same User Name and Password for multiple accounts, have simple passwords to type and/or write passwords on sticky notes by the computer. So if your employees practice any of these mistakes, then you fall into one of two classifications: you know you had a data breach, or you haven’t discovered your data breach yet.
By adding more hurdles, like longer passwords, more complexity and more frequent changes, IT is only making its networks more insecure. It is often touted by security pundits that what is needed is:
- Every account has its own unique password. Do not fall into the trap of using one or two favored passwords across all accounts.
- Every password must follow strong password guidelines. Consider doing a Google search using the keywords “random password generator” to find a free utility that can create unique passwords for you. http://www.thebitmill.com/tools/password.html
- Every password needs to be changed periodically.
- Never write down passwords or have unsecured files with all your passwords listed.
While these are great procedures, they all omit a key item: how is the user supposed to manage and remember all their accounts’ logons? This is where a secure password manager token like Power LogOn is required. Storing passwords in the browser, on a memory stick or in an unsecured smartphone is not secure. So here are some of the major considerations when evaluating and implementing password security tokens:
- Multi-factor authentication that includes: something you have, know and are.
- Limited number of false attempts to access password accounts before they are locked.
- Auto fill and submission of passwords.
- Passwords are encrypted and stored in a token that viruses cannot attack.
- Remove the employee from the password generation process.
- Auto-sync password updates in Active Directory with those stored on the token.
- Logging into an account is very easy and convenient for the user.
- Combine multiple other functions with the token, like building access and ID.
The information that Anonymous is gathering is very scary, and it is unclear how they are going to use the personal information they have collected. But they are making it very clear to managers around the world that data security is no longer something to be treated lightly. The first line of defense has to be to authenticate who is knocking on the network’s front door before they are allowed access. That’s why Anonymous is helping IT convince management to beef up network security.