Privileged Passwords Subject To Attack

With 80 percent of breaches involving privileged passwords, keeping them secure must be a top priority. However, in a recent survey, 88 percent of IT security professionals said they "have trouble managing privileged passwords."

The survey of 900 IT security professionals also found that 57 percent do not monitor all privileged accounts, and 21 percent are completely unable to monitor or record activity performed with administrative credentials. In addition, 18 percent use paper-based logbooks, and 36 percent use spreadsheets, to manage privileged accounts, neither of which is secure.

The survey also showed that 40 percent do not change default administrator passwords, and 86 percent "do not consistently change the password on their administrative accounts after each use." Alison DeNisco Rayome, "Report: 40% of IT security leaders don't change default admin passwords," www.techrepublic.com (Nov. 7, 2017).


Commentary

Accessing privileged accounts is the easiest way for cybercriminals to steal or compromise data.

Privileged accounts allow users to perform any task on a device without restrictions. Obviously, a compromised privileged password creates a significant risk for any organization.

If a hacker gets malware running under a privileged account, the malware can change system preferences or install new services, which it cannot do without privileged access. As a result, hackers target privileged accounts.

Create and follow a privileged password management policy that requires users to keep administrative passwords secure and requires organizations to change them regularly. Limit the use of privileged access accounts, and require those who have access to protect those accounts, including by logging off when tasks are performed.

Consider using a privileged password management technology solution rather than requiring IT professionals to keep track of privileged passwords. Because employees often fail to follow cybersecurity best practices, using a technology-based privileged account manager can lead to more secure data. 
