“It took one password.” This is a common comment we hear in the cybersecurity field. One person, one employee, one vendor with a weak password opens the door to your business and hackers walk right in. We discuss 3 ways to get back to password basics and our thoughts on accountability.
A recent New York Times article read, “Hackers used one worker’s login information to penetrate the Law Department’s network after officials failed to implement a simple security measure…” The reason this is such an eye-opener when it comes to a hack is, “New York City’s Law Department holds some of the city’s most closely guarded secrets: evidence of police misconduct, the identities of young children charged with serious crimes, plaintiffs’ medical records and personal data for thousands of city employees.”
How did this hack happen?
All the hacker needed to crack the 1,000-lawyer agency's network was ONE stolen password. Read that again: the hacker found ONE worker’s password, and that opened the door to the entire network.
3 Ways To Get Back To Password Basics
What is one of the biggest revelations?
The Law Department – more than two years ago – required everyone to use a multifactor authentication system. More than two years ago, but there doesn’t appear to have been any follow-through to ensure those protocols were followed. No one tracked the data or ensured the steps were adhered to. Because of that, ALL that information is now out there on the dark web.
Too little too late
Sources in the article stated that the Mayor, Bill de Blasio, “admonished the heads of the city agencies to shore up their cyber-defenses or face consequences…” Shouldn’t that have been done before? When the multi-factor authentication “requirement” was handed down – why wasn’t there a call for implementation and consequences for not adhering to the new rule?
WareGeeks Solutions team members are wondering…
- How many people knew about this lack of cybersecurity?
- How long was it going on?
- Who should have been responsible for overseeing the implementation of the multi-factor authentication?
- What is the accountability for this hack occurring?
- Whose heads will roll?
This hack shows that the multi-factor authentication policy was not taken seriously – by the employees and even by the IT department, or the staff member in the IT department, who should have been tasked with ensuring it was adhered to.
When we perform cybersecurity audits, we look at the processes and protocols you have in place. We look at whether these policies are being adhered to – after all, if you say something needs to be done to protect your company from a cyberattack, there needs to be someone in charge of its implementation.
There needs to be a:
- Chain of command
- Training of staff
- Accountability that helps eliminate human risk factors
Bottom line: The buck stops with the CEO. That person is ultimately responsible for ensuring cybersecurity policies are implemented and that someone is held accountable.
WareGeeks Solutions is a Roselle, New Jersey-based full-service IT Solutions and Service Provider.
We specialize in Data Protection, specifically Business Continuity and Disaster Recovery (BCDR) and Cyber Security. We work with small, medium, and large companies. We conduct a multi-level risk analysis that identifies processes, procedures, and/or technology that stifle productivity with oppressive layers of complexity. If you have IT or security questions, contact Seth at WareGeeks Solutions. For information or a consultation, call (877) 653-7146, or email us at firstname.lastname@example.org. www.waregeeks.com