May 24, 2011 | By Randy Abrams, Director of Technical Education, Cyber Threat Analysis Center – ESET North America
Has Your Business Forced a Password Change Recently?
If you think that the hack of the Sony PlayStation Network in April has nothing to do with your company, you may potentially be a little bit myopic.
If your company has employees who used the Sony or Qriocity services then you should seriously be considering a companywide password change. Numerous studies of data breaches have confirmed that a very high number of users will use the same password for many, if not most or all of the sites they visit. If the employee used their work email to setup their account that makes it very easy for a cybercriminal to start attacking their work accounts. Even with a different email address, if the employee is easily found on social networking sites it may not be too difficult to track down where they work.
The scope of the data breach for the Sony PlayStation breach is far reaching and if you don’t know if you have any employees who used the service then it is far safer to simply enforce a corporate password change ASAP.
For some really good information about passwords, aside from what I have shared in past tech tips, you might want to take a look at Paul Laudanski’s recent article “No Chocolates for My Password Please” at http://blog.eset.com/2011/05/19/no-chocolates-for-my-passwords-please.
The use and management of good passwords and good password policies has gotten to be quite complex and without providing tools for your employees to use they are not going to be able to maintain secure passwords and that means less network security for your company.
For questions about security or suggestions of topics you would like to see here, please email me at AskESET@eset.com.