The prospect of crippling cybersecurity incidents continues to plague companies as we all look to close out 2022 successfully. The latest edition of the Cyber Security Breaches Survey serves as a stark reminder of the threat both enterprises and small and medium-sized businesses (SMBs) face. Of those reporting incidents, 31% estimate they were attacked on average once a week, while one in five reported a negative outcome as a direct consequence of a cyberattack.
With the number and sophistication of attacks only getting worse, it is more important than ever for SMBs and larger enterprises to solidify a comprehensive and broad cyber security strategy like the one River Run provides for our clients with R-Security.
This spans hardening the network infrastructure against infiltration to implementing firewalls, securing endpoint devices, and 24/7 AI and live Security Operations Center (SOC) monitoring. One aspect of business security strategy that is frequently taken for granted, however, is password security. Password security is a common pain point because it might seem straightforward to get right. As a result, it is easy to overlook.
Plugging the Gaps
According to Verizon’s latest data breach report, 81% of hacking-related breaches exploited stolen and/or weak employee passwords. Password hygiene is a major issue across society – not just in the business world – with some of the most common passwords last year still including ‘123456’ and ‘password’, which are used by millions of people. This reality is, sadly, also reflected across SMBs and enterprises, with Verizon’s research finding that 70% of employees reuse passwords at work, even though 91% know reusing passwords is poor practice. To make matters worse, 59% reuse passwords everywhere – in their personal and professional lives.
It is important that organizations prioritize protecting login credentials across the breadth of their business, while layering this into the overall cybersecurity strategy alongside other practices like employee training and routine backups. This might not be as easy as it sounds, especially for SMBs that are stretched on budget and human resources. However, a number of inexpensive, low-maintenance tools exist to help businesses get on top of password security, including those offered by Keeper Security. Keeper went through our rigorous process and was selected to be part of our R-Security offerings to best protect our clients from an attack.
Building Your Cybersecurity Stack
In modern data environments, comprehensive cybersecurity requires multiple layers of defense that work together. These layers would naturally include elements like cybersecurity training, as well as investing in protecting your endpoint devices. The starting point for defense-in-depth security is to implement a clearly defined access policy that determines which employees have access to what systems and data, as well as how passwords are created and stored.
First, your business must identify its weakest points in order to understand where there might be shortcomings. If you need help, River Run performs this service on behalf of our clients as part of our Security Foundations Review. A business must assess who has access to what data and software, establish whether they need to have access to the elements of the business they do, and limit access if necessary. This includes not just full-time employees but also remote workers, contractors, part-time staff, and anybody who interacts with the systems that power your business. As a rule, the more people who have access to software or data, the broader your attack surface will be. There will be, unfortunately, more opportunities for a data breach, given that most threats originate from within.
Businesses at this stage must create concrete policies around password management. This is a key step in building a multi-layered cybersecurity strategy. To that end, tools such as those provided by Keeper Security are key to implementing a zero-trust and zero-knowledge approach. In addition to password management and security, this approach requires secrets management, privileged access management (PAM), remote infrastructure security and encrypted messaging. In practice, this translates into using a unique encryption and data segregation framework to protect against remote data breaches.
The zero-trust security model is centered around the principles of assuming a breach, verifying explicitly, and ensuring least-privilege access. An affordable and easy-to-use enterprise password manager (EPM) allows organizations to implement zero-trust network access while slashing administrative overhead. This improves reliability and performance while boosting employee productivity. Administrators will get access to the tools they need to enforce robust password security, verify users and devices, and manage role-based access controls alongside least-privilege access and other policies like multi-factor authentication (MFA).
Keeper for Companies of All Sizes
Beyond EPM, Keeper Security offers a variety of products aimed at different-sized organizations, including Keeper Business and Keeper Enterprise, both of which apply least-privilege and zero-trust principles to password management. These foundational ideas form the basis of an essential identity access management (IAM) strategy.
Keeper Business provides businesses with complete visibility into employee password practices while giving them the tools to enforce company policies, monitor compliance and generate audit trails and reports. Keeper Enterprise, meanwhile, adds SSO support, SAML 2.0 authentication, automated team management and advanced MFA, alongside a host of advanced capabilities for larger businesses with hundreds of employees.
Keeper’s products, for which free trials and one-to-one demos are available, serve as a means to block some of the most common pathways to a data breach. You will be able to protect your organization against a variety of threats, including those emanating from the dark web, while securely sharing passwords and applying information security best practice across your organization’s data environment, regardless of its size or complexity.
Password protection is fundamental to creating a robust and holistic security strategy to keep your organization safe from data breaches, ransomware, and other password-related cyberattacks.
River Run is more than happy to arrange a free, personalized demo of Keeper and R-Security. We urge you to learn more about the latest in password security and other ways to protect your organization from cyberattacks.