A data breach occurs when an unauthorized party gains access to confidential or protected information. And one of the easiest ways for a hacker to gain access is through user credentials.
63 percent of data breaches involve stolen, weak, or default user credentials. Credentials, which include usernames and passwords, are the backbone of any good security strategy. But they’re also the easiest for cyber criminals to compromise.
For example, if you’re a large enterprise with thousands of employees and contractors who use credentials to gain access to thousands of different applications, it only takes one weak set of credentials for a hacker to infiltrate a system and disrupt an organization.
Understanding what causes stolen or compromised user credentials can play a key role in preventing future security attacks like data breaches. We’ll discuss some common scenarios that can result in compromised credentials, as well as how to mitigate the risk involved.
Employees reuse the same passwords
One of the most common causes of a data breach is simply the reuse of passwords across multiple devices, applications and websites. A recent SailPoint survey found that 75% of people reuse credentials across both their personal and work accounts.
The most common excuse for reusing a password centers around convenience, i.e. not having to remember hundreds of passwords. But it only takes one weak point of exposure for an intruder to gain access to your networks and accounts. And if you use the same email, username and password for everything, they now have the keys to the kingdom.
One of the smartest ways to solve this issue is to use password management software. A password manager is a tool that generates user credentials and stores them in an encrypted database that requires a master password to access.
Just keep in mind that no tool is foolproof, so it’s best to do your research before selecting one.
Employees use easy-to-hack passwords
Not only do employees tend to reuse the same passwords across devices and applications, but their passwords are often simple enough for cyber criminals to crack. The more complex the password, the harder it will be for a hacker to crack.
You need to create a password that can outsmart the assailant. Here are some tips for a strong password:
- Make your password long: at a minimum, 10 characters
- Use uppercase and lowercase characters
- Use numbers and special characters
- Don’t use common phrases
- Use multiple words
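The tips above can be enforced when a password is created. The following Python check is an added example, not code from the original article or from SailPoint; the small deny-list, the character-substitution table and the word-counting heuristic are assumptions made for illustration.

```python
import re

MIN_LENGTH = 10  # the article's stated minimum

# Constructed sample deny-list (assumption): a real deployment would load a
# much larger list of common and previously breached passwords.
COMMON_PHRASES = {"password", "letmein", "qwerty", "welcome", "iloveyou", "123456"}

# Undo common character substitutions so "P@ssw0rd" is still recognised
# as "password" (assumed mapping, not from the article).
LEET = str.maketrans("@4301$5!7", "aaeoissit")

# Word-like chunks: Capitalised, lowercase, or ALLCAPS runs of 3+ letters.
WORD = re.compile(r"[A-Z][a-z]{2,}|[a-z]{3,}|[A-Z]{3,}")


def check_password(pw):
    """Return the names of the tips that `pw` fails (empty list = passes)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("length")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        failures.append("mixed_case")
    if not (re.search(r"\d", pw) and re.search(r"[^A-Za-z0-9]", pw)):
        failures.append("digits_and_specials")
    # Compare both the raw and the de-substituted form against the deny-list.
    lowered = pw.lower()
    candidates = (lowered, lowered.translate(LEET))
    if any(p in c for p in COMMON_PHRASES for c in candidates):
        failures.append("common_phrase")
    if len(WORD.findall(pw)) < 2:
        failures.append("multiple_words")
    return failures


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("password1", "P@ssw0rd2024!", "Maple-river7Lantern!"):
        print(sample, "->", check_password(sample) or "ok")
```

Substituting symbols into a common word satisfies the character-class tips but still fails the common-phrase check, which is why the deny-list comparison runs on the normalized form as well.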
For help crafting a solid password, check out our article on the top five password management best practices.
But while the above-mentioned methods help strengthen your passwords, they’re not the be-all and end-all. For full coverage, it’s best to pair your strong passwords with multi-factor authentication software, biometrics (face and fingerprint recognition), as well as a password manager.
Employees don’t keep their passwords safe
It’s one thing to create a secure and unique password, but if you don’t keep it safe, there’s no guarantee it will keep hackers out and data breaches at bay.
Studies have found that not only do employees tend to write down their passwords on notepads or sticky notes, they also tend to share passwords with other members of their team. This is just one reason why companies need to make use of password management tools. Most platforms actually allow you to securely share credentials with other employees on your team and within your organization.
You can also safeguard passwords through employee education. Educate employees on basic password hygiene practices and how to keep their credentials secure. Your organization should go through quarterly cyber security training, which teaches employees, contractors, and vendors how to accurately spot bad actors, scams, phishing attacks and more.
How to Prevent and Mitigate Data Breaches
In today’s complex environment, employees, as well as servers, networks, and devices, hold credentials. So, if an attacker can unlock your organization’s credentials, this escalates their ability to move laterally throughout the enterprise.
This is why it’s so vital to have strong user credentials, multiple methods for authentication, password management tools, and a strong cybersecurity program.
But more importantly, it all comes back to identity governance. Identity governance solutions help organizations inventory, analyze and understand access privileges granted to employees, contractors, and partners.
It protects your digital identities (credentials) and makes sure the right people have the right access to the right tools within your organization. Identity governance helps protect user access, ultimately helping to prevent data breaches.