It’s sometimes easy to forget that things like credential management, cybersecurity and password keepers haven’t been around all that long. Personal computers in the home didn’t really pick up steam until the 90s, and at that time the term “password hygiene” didn’t exist. It was the norm to pick a password that included your pet’s or child’s name. Or your birthday. Or 123456. Or QWERTY. And then to write it down on a bright yellow Post-it note, which lived on your desk. For all to see – and use, if they were so inclined.
Why Credential Management Is Essential Now
Credential management is a set of principles and guidelines that users should follow in effectively storing and managing user accounts and passwords to protect them as much as possible and prevent unauthorized access by hackers (AKA, bad actors).
Credential management is critical to keeping your online accounts safe and secure. By using a unique and strong password for each of your various online accounts, you can make it much more difficult for hackers to gain access to your information and prevent potential identity theft. In addition, credential management can also help you to be more productive in your work by allowing you to easily access all your online accounts.
Types of Attack Threats to Credential Security
There are several ways in which one’s password security can be threatened.
Brute Force Attacks
A brute force attack is when a hacker works through a variety of password combinations in an attempt to penetrate your personal accounts. Brute force attacks grew by 160% last year. Potential impacts from a brute force attack include the theft of personal data, the spreading of malware, and hijacking of systems for malicious means.
Phishing is a type of social engineering in which the bad actor sends a fraudulent message designed to trick the receiver into providing confidential information. Examples of common phishing emails include:
- A phony invoice encouraging the receiver to click on a link
- A threat of an account being closed unless the recipient clicks on a link to renew their account
- An email from the organization’s human resources department in regards to an upcoming payday
- Notification of unusual account activity that is not legitimate
Phishing emails have gotten increasingly slick and sophisticated throughout the years and often look identical, branding-wise, to the company they are purporting to be from.
With website spoofing a hacker will create a website that is identical to a legitimate website in the interest of getting visitors to share their log-in credentials and possibly even their credit card information. Spoof websites, when done well, can be very difficult to detect. A few indicators that the site you are visiting may be a spoof site include the presence of spelling and formatting errors, the url is http rather than https, and the padlock is missing from the website address bar.
How does your organization ensure that employees that have credentials to sensitive online accounts are not continuing to access these accounts once they are no longer employed with you? Given that 89% of employees retain access to corporate applications even after they are no longer employed with an organization, this is a huge liability that many organizations overlook.
Credential Management Best Practices
Strong credential management techniques are not complicated. Password management policies should include:
- Direction on what passwords should include to be strong
- Assigned role-based access to online accounts
- Permissions that are based on employees leaving or moving to new roles
- Guidelines for adhering to data and privacy regulations
Installing a culture of security at your organization, one in which credential management best practices are adhered to by employees at every level of the company, will make a true difference when it comes to cybersecurity management.
Above all else, making use of a credential management service can be a game changer as far as cybersecurity goes.
Credentials a Mess? We Can Help
As the Upper Midwest’s leading IT solutions provider, Deerwood Technologies understands just how critical password hygiene is. Which is why we use a credential management service ourselves! We don’t believe in offering solutions that we wouldn’t also use. In our office, Post-it notes are used for more important things – like reminding people not to microwave fish or to rinse out the coffee pot if they have the last cup.
Bottom line for credential management: A simple service can help you demonstrate compliance, make it easy to onboard new employees and lock out former employees.