Passwords: All You Need to Remember about Deloitte’s Breach
Deloitte, one of the Big Four accountancy firms, was hit by a destructive cyber-attack in November that compromised its emails and confidential client records. The company provides high-end cyber-security advice to some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies, and is therefore fighting for its reputation.
According to the Guardian, Deloitte clients across all of these sectors had material in the company email system that was breached. The firm is still trying to identify the hackers or the motive behind the data breach and is conducting a comprehensive internal inquiry into the incident. Back in April, it hired a law firm, Hogan Lovells, for assistance in reviewing a 'possible cyber-security incident'.
Deloitte has yet to make a comprehensive disclosure of the data breach, unlike Equifax. What is known is that the breach occurred because of weak password protection on an admin account that required only a single password to unlock. Once the hackers found their way in and unlocked the account, they not only accessed sensitive emails from the company's clients, but also 'usernames, passwords, IP addresses, architectural diagrams for businesses and health information'.
Poor password policies, employees' lack of awareness and mobile-targeted attacks are some of the main causes of cyber-attacks.
In a survey conducted by Keeper Security of more than 1,000 IT professionals, 54% of respondents said negligent employees were the root cause of a data breach, while only 43% of them have a password policy in place, and 59% of respondents say they do not have visibility into their employees' password practices.
Bottom line: organizations must ensure that their password policy is actually being followed, raise awareness among their employees about the importance of password protection and security measures, train them on password selection and usage, and of course layer up their security with multi-factor authentication using security questions, cryptographic credentials, or biometric identifiers.
For all of you worried about your protection and passwords, keep in mind these few tips:
- A longer password is usually better than a shorter but more random one
- Keep your password complex, even though length matters more
- Keep the digits, special characters, and capital letters in the middle
- Don't use a single password everywhere
- Use strong passwords and don't recycle old ones
- Don’t change passwords so often, just make sure they’re secure
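The tips above, together with the policy enforcement and password-reuse point from the "bottom line" paragraph, can be turned into a concrete server-side check. The following is an added example, not code from the post or from Deloitte; the minimum length (14) and history depth (10) are assumed values, since the post gives no numbers, and the history stores salted PBKDF2 hashes so that reuse can be detected without keeping old passwords in plaintext.

```python
from __future__ import annotations
import hashlib
import hmac
import os
import string

MIN_LENGTH = 14     # assumed policy value; the post gives no number
HISTORY_SIZE = 10   # previous passwords that may not be reused (assumed)

def _has_complexity(pw: str) -> bool:
    """At least one digit, one capital letter and one special character."""
    return (any(c.isdigit() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c in string.punctuation for c in pw))

def _specials_only_at_edges(pw: str) -> bool:
    """True for the 'Password1!' shape: every digit, capital or special sits
    at the start or the end and the core in between is plain lowercase."""
    core = pw.strip(string.digits + string.ascii_uppercase + string.punctuation)
    return core != pw and core.isalpha() and core.islower()

def _hash(pw: str, salt: bytes) -> bytes:
    # PBKDF2 with a per-password salt: the history stores hashes, never plaintext
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def _in_history(pw: str, history: list[tuple[bytes, bytes]]) -> bool:
    return any(hmac.compare_digest(_hash(pw, salt), digest)
               for salt, digest in history[-HISTORY_SIZE:])

def check_password(pw: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return the policy violations; an empty list means the password is accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not _has_complexity(pw):
        problems.append("needs a digit, a capital letter and a special character")
    if _specials_only_at_edges(pw):
        problems.append("digits/specials/capitals only at the start or end")
    if _in_history(pw, history):
        problems.append(f"reused from the last {HISTORY_SIZE} passwords")
    return problems

def remember(pw: str, history: list[tuple[bytes, bytes]]) -> None:
    """Append the salted hash of an accepted password to the user's history."""
    salt = os.urandom(16)
    history.append((salt, _hash(pw, salt)))
```

A check like this is only half of the "bottom line": it enforces selection rules for one account, while the single-password admin login that let the attackers in is addressed by the multi-factor layer, not by password rules.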