Five Tips for Keeping Passwords Safe
Check out the key issues your users should always be aware of when it comes to password security.
A former network engineer of Gucci America has been accused of breaking into the computer systems of the upscale fashion boutique and going on an IT rampage. Sam Chihlung Yin allegedly accessed the company's network using a virtual private network (VPN) token that he took with him after being fired over an unrelated matter. After tricking the Gucci IT department into activating the token a month later, Yin used it to gain remote access to the company's network. He then exploited his familiarity with Gucci's network configuration and administrator-level passwords to execute various misdeeds.
Below is a partial snapshot of what transpired:
The various activities also prevented store managers as well as the e-commerce sales team from accessing their emails at one stage, which resulted in a loss of sales. In all, the intrusion was estimated to have cost Gucci more than $200,000 in diminished productivity, restoration and remediation measures, as well as other related expenses.
People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause mischief. But it only takes one disaffected former worker to wreak havoc, so make sure your defenses are in place, and that only authorized users can access your sensitive systems.
While it would admittedly be hard to protect against, this incident does reiterate the somber point that the security threats that cause the most damage often originate from within the network. With this in mind, SMBs should take care not to focus solely on investing in security appliances and software.
In addition, the administrative process of issuing accounts and system access should be more tightly monitored; dormant accounts should be disabled or deleted. Finally, companies should take password security more seriously and periodically change the administrative passwords to crucial servers and appliances on the network.
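The checks recommended above can be run as a periodic audit. The following is an added example, not part of the original article: the account inventory, termination list, thresholds and all names are constructed assumptions. It flags accounts and tokens that outlive a termination, dormant accounts, and administrative passwords that are overdue or predate an administrator's departure.

```python
from datetime import date, timedelta

# Constructed sample data; in practice export these from HR and the directory/VPN system.
TODAY = date(2024, 6, 1)
DORMANT_AFTER = timedelta(days=90)   # assumed dormancy threshold
ROTATE_AFTER = timedelta(days=180)   # assumed admin password rotation period
TERMINATED = {"jdoe": date(2024, 4, 15)}  # user -> termination date
ACCOUNTS = [
    {"user": "jdoe", "enabled": True, "admin": True,
     "last_login": date(2024, 5, 20), "pw_changed": date(2023, 1, 10),
     "token_activated": date(2024, 5, 18)},
    {"user": "svc_backup", "enabled": True, "admin": True,
     "last_login": date(2024, 1, 2), "pw_changed": date(2024, 3, 1),
     "token_activated": None},
    {"user": "asmith", "enabled": True, "admin": False,
     "last_login": date(2024, 5, 30), "pw_changed": date(2024, 5, 1),
     "token_activated": date(2024, 1, 10)},
]

def audit(accounts, terminated, today=TODAY):
    """Return (user, issue) findings for the account hygiene checks."""
    # Latest departure of anyone who held admin rights and may know shared passwords.
    admin_exits = [terminated[a["user"]] for a in accounts
                   if a["admin"] and a["user"] in terminated]
    last_admin_exit = max(admin_exits) if admin_exits else None
    findings = []
    for a in accounts:
        user, left = a["user"], terminated.get(a["user"])
        if left and a["enabled"]:
            findings.append((user, "account still enabled after termination"))
        if left and a["token_activated"] and a["token_activated"] > left:
            findings.append((user, "VPN token activated after termination"))
        if a["enabled"] and today - a["last_login"] > DORMANT_AFTER:
            findings.append((user, "dormant account"))
        if a["admin"] and today - a["pw_changed"] > ROTATE_AFTER:
            findings.append((user, "admin password overdue for rotation"))
        if a["admin"] and last_admin_exit and a["pw_changed"] < last_admin_exit:
            findings.append((user, "admin password unchanged since an admin left"))
    return findings

if __name__ == "__main__":
    for user, issue in audit(ACCOUNTS, TERMINATED):
        print(f"{user}: {issue}")
```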