Ineffective password security practices plague organizations
Posted on 28 May 2014.
Just over 13 percent of IT security professionals admit to being able to access previous employers’ systems using their old credentials, according to Lieberman Software.


The survey was conduced at a recent IT security conference, and looked at the attitudes of more than 270 IT professionals toward password management and cloud security. It revealed that of those who can still access their former employers’ systems, nearly 23 percent can get into their previous two employers’ systems using old credentials and more than 16 percent admit to still having access to systems at all previous employers.

In response to these findings, Philip Lieberman, CEO and President of Lieberman Software, said: “The results of this research shows that a fundamental lack of IT security awareness in enterprises, particularly in the arena of controlling privileged logins, is potentially paving the way for a further wave of data breaches. Organizations must implement a policy where privileged account passwords are automatically updated on a frequent basis, with unique and complex values. That way, when an employee does leave the company, he is not taking the password secrets that can gain access to highly sensitive systems.”

Other findings from the survey reveal that nearly 84 percent of organizations have a policy to ensure contractors cannot access corporate systems after they leave the company; however, more than 16 percent of respondents admit that their organization either does not have such a policy, or they are not aware of one.

“Companies and government agencies should not take such a lax approach to password management, especially given the attention that the Edward Snowden / NSA scandal has received,” Lieberman continued. “Basic security best practices include minimizing the insider threat and sophisticated criminal hackers by managing the powerful privileged passwords that grant access to systems containing sensitive data.”





Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //