Stolen Usernames and Passwords – So What?
about stolen user accounts and passwords on the news all the time. It happens
so often that we barely react anymore.
– So what, as long as it does not concern our company, some might think.
the IT security of your company is in fact being compromised by such hacks,
although you have almost nothing to do with the organization hacked.
consider for example the recent hack of usernames and passwords at Disney+. While your organization might not be
directly linked to Disney+, you might still have employees who have a Disney+
It is a known issue that people reuse passwords. There are just so many
services you need a password for, both in your private and work life. There is
always the risk that some employees might have reused a Disney+ password for
systems in your IT environment. Unfortunately, when it comes to IT security,
Murphy’s law usually applies.
What can we do about this?
thing, we can demand that people use stronger passwords.
Using longer and more complex passwords will actually help, even if the
password is reused across private and work applications. This is
because stolen lists of usernames and passwords are most often still encrypted.
An easy password is easier to decrypt than a complex one.
strategy can be to improve the user experience around passwords in your
organization. For example, if users know that it is easy to restore
passwords by self-service, they will be more confident in choosing a
unique password rather than reusing an old one.
What you should know about access management
companies are subject to strict regulatory requirements.
The topic of access management is important in almost all requirements.
ensure that these requirements are met, companies must be audited externally or
by their own auditors!
Here it is helpful to present targeted audit analyses, so that data can be delivered quickly within the scope of an audit and compliance with the right requirements can be proven.
In order to be able to meet the goals and requirements of access management, technical support is advantageous, but the purchase of a tool alone is not sufficient. Added to this is the complexity of access management:
In addition to complexity, further problem areas arise
Our partner KPMG has to deal with a number of
errors and problems during external or internal audits, for example:
of the assigned or required authorizations (e.g. missing reporting options or quality of the authorization descriptions)
on “legalizations” (applications / releases not comprehensible)
(e.g. “trainee effect” or in relation to privileged accounts)
periodic quality assurance (“recertification”)
Lack of acceptance of responsibility
and waiting times for IT systems
with www authorizations (e.g. regarding information owners, entry in CMDB)
of the service desk due to increasing diversity of the application landscape and the repetitive standard queries
of external employees/service providers and their access to company data not
not organized according to business functions, no role model available
Together with our partner KPMG, we have compiled a free white paper which shows how these regulatory requirements have been implemented and helps you to cope with the complexity of access management and compliance, security and efficiency. Here you can download it for free.
On average, internal users in insurance companies work with more than 20 IT applications and distinct data stores, while external business partners use up to 10 applications with access to the insurers’ data. But do you know for sure who controls the access to the data and who represents the biggest risk? And why?
Protect the sensitive data of insurance companies from unauthorized access!
Insurance companies operate in a rapidly growing but highly competitive market providing efficient and compliant services. To safeguard reputation, revenue and retention rates, the insurer must ensure customers are fully satisfied with its services and that their data is 100% protected.
But there are many threats to the security of data within the insurance industry, due to unauthorized access to critical customer data through cyberattacks, hacker attacks or misuse by insiders.