How do we ensure password security across multiple offices?
That's a question that seemingly no one can find the answer to. For instance, the 2014 Verizon Data Breach Investigations Report found that the top 10 threat actions in 2013 involved people (i.e. passwords and phishing) and malware. Weak passwords are a security vulnerability that can get you into a bind very quickly.
Keeping passwords under control across multiple offices is not really all that different from keeping them under control in one office. It's helpful if you have a Windows domain where you can enforce password policies across all locations. Here are several other things to consider:
- People are going to take the path of least resistance with security. If you give users the option to set weak passwords, they will.
- You need to create standards for password policies that apply to all users across all systems, applications, databases and mobile devices.
- Management is often the most important underlying issue with weak passwords. I've seen it over and over again where IT and security teams try to do the right thing by creating stronger security policies, then users subsequently complain about all the inconvenience. Management doesn't want to hear it -- and many execs don't want strong passwords either -- so they proceed to tell IT/security to loosen up their policies. And thus the cycle of weak passwords and subsequent breaches begins.
- You need to be testing for password vulnerabilities on a periodic and consistent basis. Good network vulnerability scanners -- such as Nexpose and LanGuard -- and Web vulnerability scanners, such as Netsparker and NTOSpider, are great for finding the not-so-obvious weaknesses.
Some say that passwords are old-fashioned and that we shouldn't even be using them. However, the reality is that doing away with passwords as a security mechanism is like trying to put toothpaste back in the tube -- they're here to stay, at least for the foreseeable future. Whether you have one office or multiple offices, it's good to go ahead and figure out ways you can set reasonable password policies for IT and desktop security.
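One way to check that a single password standard really holds at every location, as an added example that is not part of the original answer: it compares each domain's default password policy and any fine-grained policies against a written standard. It assumes the offices' domains sit in one Active Directory forest and that the RSAT ActiveDirectory module is installed; the `$Standard` values and the `Compare-PolicyToStandard` helper are hypothetical.

```powershell
Import-Module ActiveDirectory   # RSAT Active Directory module

# Hypothetical company standard (assumed values); replace with your written policy.
$Standard = @{ MinPasswordLength = 14; PasswordHistoryCount = 24; LockoutThreshold = 10 }

# Emits one object per setting that deviates from the standard.
function Compare-PolicyToStandard {
    param($Policy, [string]$Domain, [string]$Scope)

    $checks = @(
        @{ Setting = 'MinPasswordLength'
           Bad     = ($Policy.MinPasswordLength -lt $Standard.MinPasswordLength)
           Want    = ">= $($Standard.MinPasswordLength)" }
        @{ Setting = 'PasswordHistoryCount'
           Bad     = ($Policy.PasswordHistoryCount -lt $Standard.PasswordHistoryCount)
           Want    = ">= $($Standard.PasswordHistoryCount)" }
        @{ Setting = 'ComplexityEnabled'
           Bad     = (-not $Policy.ComplexityEnabled)
           Want    = 'True' }
        @{ Setting = 'ReversibleEncryptionEnabled'
           Bad     = [bool]$Policy.ReversibleEncryptionEnabled
           Want    = 'False' }
        # A threshold of 0 means accounts never lock out.
        @{ Setting = 'LockoutThreshold'
           Bad     = (($Policy.LockoutThreshold -eq 0) -or
                      ($Policy.LockoutThreshold -gt $Standard.LockoutThreshold))
           Want    = "1..$($Standard.LockoutThreshold)" }
    )

    foreach ($c in $checks) {
        if ($c.Bad) {
            [pscustomobject]@{
                Domain   = $Domain
                Scope    = $Scope
                Setting  = $c.Setting
                Actual   = $Policy.($c.Setting)
                Expected = $c.Want
            }
        }
    }
}

# Walk every domain in the forest: the default policy first, then any
# fine-grained policies that override it for specific users or groups.
$report = foreach ($domain in (Get-ADForest).Domains) {
    $default = Get-ADDefaultDomainPasswordPolicy -Server $domain
    Compare-PolicyToStandard $default $domain 'Default domain policy'
    foreach ($fgpp in (Get-ADFineGrainedPasswordPolicy -Filter * -Server $domain)) {
        Compare-PolicyToStandard $fgpp $domain "Fine-grained: $($fgpp.Name)"
    }
}
$report | Sort-Object Domain, Scope | Format-Table -AutoSize
```

An empty report means every domain meets the standard; a fine-grained policy that shows up here is worth tracing to the group it applies to, since exceptions of this kind are often where a loosened policy ends up.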
Related Q&A from Kevin Beaver
When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains.
Expert Kevin Beaver explains how organizations should address end-of-software development dates, and what they ultimately mean to enterprise security.
Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver ...