How do we ensure password security across multiple offices?
That's a question that seemingly no one can find the answer to. For instance, the 2014 Verizon Data Breach Investigations Report found that the top 10 threat actions in 2013 involved people (i.e. passwords and phishing) and malware. Weak passwords are a security vulnerability that can get you into a bind very quickly.
Keeping passwords under control across multiple offices is not really all that different than keeping them under control in one office. It's helpful if you have a Windows domain where you can enforce password policies across all locations. Here are several other things to consider:
- People are going to take the path of least resistance with security. If you give users the option to set weak passwords, they will.
- You need to create standards for password policies that apply to all users across all systems, applications, databases and mobile devices.
- Management is often the most important underlying issue with weak passwords. I've seen it over and over again where IT and security teams try to do the right thing by creating stronger security policies, then users subsequently complain about all the inconvenience. Management doesn't want to hear it -- and many execs don't want strong passwords either -- so they proceed to tell IT/security to loosen up their policies. And thus the cycle of weak passwords and subsequent breaches begins.
- You need to be testing for password vulnerabilities on a periodic and consistent basis. Good network vulnerability scanners -- such as Nexpose and LanGuard -- and Web vulnerability scanners, such as Netsparker and NTOSpider, are great for finding the not-so-obvious weaknesses.
Some say that passwords are old-fashioned and that we shouldn't even be using them. However, the reality is passwords as a security mechanism are like trying to put toothpaste back in the tube -- they're here to stay, at least for the foreseeable future. Whether you have one office or multiple offices, it's good to go ahead and figure out ways you can set reasonable password policies for IT and desktop security.
A proper Windows desktop audit can help standardize configuration settings
How to disable the default Windows password filter
Find and fix Windows vulnerabilities with free, open-source tools
FAQ: Detecting rootkits and removing malware
Enterprise guidelines for secure remote access
Related Q&A from Kevin Beaver
For an enterprise application, assuming our development team does lots of little changes (in two- to three-week iterations), how frequently should we...continue reading
Is the PCI DSS a sufficient guideline for implementing an application security program? Should organizations take steps beyond the mandated PCI ...continue reading
The number of endpoint security vulnerabilities is daunting, but endpoint admins should first focus on updating patches against Windows malware.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.