Just one weak password could easily expose your network to malicious internal or external cyber-attacks. Password harvesting is one of the most exploited and commonly used network security threats out there.
No organization is immune to having their passwords compromised. Over the past few years, even large websites like LinkedIn and Dropbox have had their internal databases posted on the internet as a result of password hacking. Fortunately, there are steps you can take to enforce an effective password policy at your company.
However, even though establishing internal password guidelines are a good start, it is not enough. Regularly conducting a password security audit can uncover any weak passwords currently utilized within your company. This way, you can fix any issues found before they become significant problems. A password audit also provides you with the opportunity to educate your users on how to generate strong passwords to protect themselves and your organization.
Below are some guidelines for creating strong passwords and Cyber Underwriters’ password audit solutions. A combination of both can help you safeguard the critical systems you rely on every day.
Good, strong passwords are a vital component in keeping your information secure and preventing unauthorized access. When establishing password policies at your company, keep the following suggestions in mind:
Research – Cyber attackers find your personal information; often through social media.
Contact – Once they have your information, cyber attackers use it to contact their target and gain their trust.
Attack – When a cyber attacker gets the information they want, they can access your systems, steal your data, and use it to assist them in additional attacks.
If you are looking for a password auditing tool, Cyber Underwriters has the following services available:
Basic External Reconnaissance Check: We search public database breaches for credentials linked to your @company.com accounts. Then, we attempt to crack passwords associated with those accounts and try to see if we can log in to your corporate resources.
Advanced External Reconnaissance Check: We utilize public search engines to build profiled entities of your employees that consist of names, emails, addresses, and usernames. Then we query that information against public database breaches to make sure your employees do not use their personal passwords on corporate resources.
Active Directory: We attempt to crack all your Active Directory (Windows login) passwords. Then, we build a customized report that contains statistics about your users’ password strengths. This password report is a beneficial way to help you identify those users with weak passwords, so you can have them change them to stronger ones. In our Active Directory services, we also query public database breaches for passwords. This way, we can uncover if your employees use their corporate passwords on their personal accounts.
Custom Cracking: We attempt to crack any passwords associated with a specific document, account, or application to give you peace of mind that it is safe and protected.
For more information on Cyber Underwriter’s password auditing services and how to keep your information secure, please contact us today.