The current health crisis is greatly accelerating telecommuting for employees whose jobs allow it. We have seen in the news that there has been an increase in computer attacks that take advantage of weaknesses related to telecommuting, especially concerning passwords. If an attacker gets into your system, they can penetrate the company network and commit sabotage. In order to protect your passwords, here are several points to keep in mind:

Social engineering

An ill-intentioned person can create a fake site (phishing) and deceive unsuspecting users, capturing the passwords they submit to the site in question.

Solution: Generally, checking that the URL is correct is enough to know whether it is the right website.

Inappropriate storage

In order not to forget their passwords, some people write them on paper, where they can be easily accessed. Example: a password on a Post-it stuck on a desk wall.

Solution: Store all your passwords in password manager software, such as KeePass.

Good guess

Personal information can be used to find a password. Example: using a name or date of birth. 

Solution: In order to avoid this attack, you must use a password as random as possible and store it in your password manager.

Strength in Numbers

By testing thousands of combinations using a special program, it is possible for the correct password to be found.

Solution: Use a strong password (minimum length of 12 characters, including uppercase, lowercase, numbers and special characters) and store it in your password manager.
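
The advice under "Good guess" and "Strength in Numbers" can be checked and applied in a few lines. The following is an added example, not part of the original article: it tests a password against the 12-character, four-class rule, rejects passwords built around personal information, and generates a random password that passes. The function names and the sample password are constructed for illustration.

```python
import secrets
import string

# Policy from the text: at least 12 characters, with uppercase, lowercase,
# digits and special characters.
MIN_LENGTH = 12
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def policy_problems(password, personal_info=()):
    """Return a list of reasons the password fails the policy (empty = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    # "Good guess": reject passwords built around a name or a date of birth.
    lowered = password.lower()
    for item in personal_info:
        token = item.lower()
        if len(token) >= 3 and token in lowered:
            problems.append("contains personal information")
            break
    return problems


def generate_password(length=16):
    """Draw a random password from the OS CSPRNG that satisfies the policy."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # Rejection sampling keeps every accepted password equally likely.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_problems(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample: a name plus a birth year, the pattern to avoid.
    print(policy_problems("Martin1985!!", ["Martin", "1985"]))
    print(generate_password())
```

A password such as the constructed "Martin1985!!" satisfies the length and character rules yet is still flagged, which is why the random generation step matters.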

Key logging

A keylogger can take two forms, either software or hardware. In both cases, it is completely undetectable by antivirus software and collects all keystrokes.

Solution: Check your computer's network activity, running processes and services. If in any doubt, use the virtual keyboard and, if possible, anti-spyware software. In any case, don't install software from a doubtful source.

Interception

“Man-in-the-middle” is a type of attack that consists of intercepting communications.

Solution: One method of preventing this risk is to use a VPN (Virtual Private Network) and a Zero Trust Privilege solution when available in your organization.

Observation

By simply watching a person type in their password, a hacker can use this data for attacks.

Solution: First, use a computer privacy screen filter to keep your screen more confidential. Second, the best way to prevent the risk of password theft is to use a password manager and copy and paste the right password.

 

Conclusion

Never forget that even with all this protection, a password is not enough to fully protect your data; that is why it is important to activate multi-factor authentication as much as possible.
