Data Security

passwords offer an illusion of security

Usernames and Passwords: An Illusion of Security 

By | Data Security, Email Security

Many organizations, especially small businesses, rely on username and password protocol as their primary cybersecurity protection method. They assume that requiring employees to use strong passwords, and then requiring regular changes them, is an adequate approach to cyberattack prevention. On the contrary: Relying primarily on passwords alone is not as secure as most of us are led to believe.

The Verizon 2023 Data Breach Investigations Report revealed two of the major findings that bear directly on this issue. Of the data breaches that were analyzed:

  • 74% of all breaches include the human element, with people being involved either via Error, Privilege Misuse, Use of stolen credentials or Social Engineering.
  • 83% of breaches involved External actors.
  • Ransomware is present today in more than 62% of all incidents.

People Don’t Use Best Practices with Passwords

Most people don’t want to remember numerous usernames and passwords for multiple accounts and programs, and many don’t feel confident in their ability to accurately recall that information. More so, they dislike having to regularly change their password for individual accounts, and being forced to forget previous a password in exchange for new ones. To deal with this frustration, they tend to do one of two things (or both):

  • Re-use the same usernames and passwords across multiple accounts
  • Write down their usernames and passwords, and store them in their workspace (usually in a place that is easy to find, often on their desk or in a top drawer)

Recent stats  reveal that 75% of people globally don’t adhere to widely-accepted password best practices with 64% either using weak passwords or repeat variations of passwords to protect their online accounts.

  • Remember, 80 percent of all hacking-related breaches leveraged weak or stolen passwords
  • Repeated passwords used on multiple sites increase the risk of successful breaches on internal company sites. If passwords on personal accounts (online shopping, banking, personal email, social media, etc.) match passwords on company sites (employee login, company email, etc.), hackers can apply those identical passwords to other accounts with the same or similar usernames – and many people use the same username format across multiple accounts (e.g., John_Doe, or John.Doe).
  • This means that any password, no matter how strong it is, is vulnerable the more often it is used with multiple accounts, especially when it is associated with the same (or similar) username.
  • If 83 percent of breaches were perpetrated by external actors, this means that 17 percent were committed by insiders. Many internal attacks don’t have to target one particular employee’s access; in many cases, accessing one member of a team or department (or even the entire company) is all that is required. Thus, having an employee record usernames and passwords, and store them in an obvious place, makes internal attacks much easier and more likely.

Passwords Are Not Enough

Having a system of employee usernames and passwords is not enough. Passwords, to be at all effective, need to be randomly generated strings of characters, changed frequently, and accompanied by two-factor authentication and protected by additional layers of security, backup and recovery, and monitoring. And even though 91% of people understand that reusing passwords is a security risk, more than 6 in 10 people admit to reusing passwords.(LastPass)

Passwords alone cannot protect your organization. Even passwords your employees use outside of your company – say for their pizza delivery service – can end up compromising your network. Credentials are a hot commodity on the dark web, and cyber criminals continue to find more sophisticated ways to steal credentials or trick employees into handing over credentials.

thinkCSC is here to help ensure your cybersecurity systems are strong and vibrant, to assist you in your preparation for and response to cyberattacks. Together, we can avoid the mistakes that are common among so many businesses and organizations, in the end becoming as secure as possible in today’s technological world.

Employees Can Be the First Line of Defense

While thinkCSC believes that employees will always be the first line of defense against ransomware attacks, the only real solution is for leaders of all –organizations – businesses of all sizes, government entities, schools, hospitals, and –others – to invest in stronger IT security that includes offsite backup and recovery and managed security. These protections, combined with ongoing staff training, password manager tools, multi-factor authentication, strict security policies, and constant vigilance, are an absolute necessity in today’s cyber-environment.

We are here to help you with all of your security needs, from password management and MFA to cybersecurity and more. Get in touch.

law firms need managed IT

5 Reasons Law Firms Need a Managed IT Partner

By | Data Security, Outsourced IT | No Comments

Law firms and attorneys are well-versed on the necessity of maintaining compliance and are more sensitive to the importance of protecting client data because of the type of work they do. However, knowing what needs to be protected and understanding how to ensure that your firm has the right solutions in place to ensure that protection are two different things. There are five reasons why law firms should partner with a managed service provider (MSP).

Reduce the Risk of a Data Breach

A data breach could have costly consequences for a law firm. Lawyers work with some of the most confidential information of any industry. A data breach that exposes client information can result in fines, loss of faith, and, ironically, lawsuits.

Establish Efficient and Secure Access to Documents

Law firms, like every industry, have learned to rely on technology to operate efficiently. From the convenience of being able to complete court forms online to having the ability to streamline intake with new clients, the days of paper files are fading swiftly. Efficiency without security, however, is a recipe for disaster. Secure cloud hosting can ensure that you can work from wherever you need to be for your clients without putting their information, and yours, at risk.

Ensure Uninterrupted Work

When you partner with an MSP, you have a team of experts supporting you, monitoring your network, and proactively keeping your law firm up and running. Down time means reduced billable hours. From patching and hardware management to detecting threats before they happen, an MSP can help your law firm achieve higher levels of business continuity.

They’re Just a Phone Call Away

When something does happen that impacts your business, minor IT issues, for instance, or adding new attorneys to your network, your MSP partner is there to help you adjust and align your IT security and systems to meet your needs. Services are scalable, so you can quickly ramp up during periods of high growth – without having to take time away from your legal work.

Maintain Compliance

Law firms are held to a high standard when it comes to protecting client data, and new regulations are being introduced regularly that add more protections to consumer privacy. An MSP can help your firm meet compliance requirements, whether you’re a local attorney or an international law firm with clients around the world.

When it comes to ensuring your Columbus law firm is maximizing billable hours and minimizing risk, partnering with a managed service partner like thinkCSC is an easy judgment. Learn more about our legal IT services.