We had an interesting situation recently with one of our clients that highlights the importance of good password security.
We got a report of a breach of the client’s network one morning. Our team responded and found that the breach had occurred using one of the users’ Office 365 accounts. We had them reset their password to something new and complex, as we found that they had not originally taken our advice regarding password use. We cleaned up the mess that was found and were able to give them a clean bill of health at that time.
We did a dark web scan and found that this user’s credentials were present on the dark web, which is where the hackers go to get their targets. We let the client know that this is where the breach had likely started and that his password was known to the hackers.
We also advised the client that they really should sign up for our dark web monitoring services and implement 2-factor authentication. Of course, it’s up to the client to agree to do these things and we can’t force this on them, so the client declined our offer and said that he didn’t want to bother with this as it was a one-off occasion and would not happen again.
Guess what… 2 months later the same user was breached AGAIN!! We investigated and could not find anything new on the dark web, so we were somewhat perplexed as to how they had gotten past the new and more secure password that the client had changed to. We spent quite some time working out what the hackers had done and how they got in. Sadly though, we found that the client didn’t like having a more complex password and had changed it back to the old one from a few months ago… which was already known on the dark web.
It’s at this point that we needed to have a far more serious conversation with the client about 2-Factor Authentication, as going without it really was not an option. 2-Factor Authentication alone could have prevented this entire second breach regardless of the password he selected. The reality of today’s environment is that without 2-Factor Authentication, it’s only a matter of time before you are breached. At Correct Solutions, we have all our critical systems protected by 2-Factor Authentication as this is the only way we can ensure that the person accessing them is truly the person we have authorised to access them.
What are you doing about your security?
Unsure about your organisation’s security after reading our client’s story? Have a chat with us and see how we can help.