Over 13% of the world population is on social networks and the number keeps growing exponentially. Those who do not own an account on Facebook or Twitter are now viewed as living in prehistoric times.
No doubt, social media is wonderful in helping you stay connected with friends, but its sheer popularity attracts the attention of cyber criminals looking for ways to harvest identities. Recent surveys by IT security analysts clearly indicate that social media is fast emerging as the most convenient platform for malware delivery by hackers. Clickjacking, phishing and identity sniffing all continue unabated and are growing at a faster pace. Despite untiring awareness campaigns by the social media giants, even tech-savvy users are falling prey to attacks perpetrated through social media.
With the proliferation of online applications, users find it hard to remember passwords and take the easy way out by using the same password for all their accounts: social media, banking, brokerage and other business accounts. This single master-key practice makes the hackers doubly happy, because their job is greatly simplified. Identity theft in one place leads to compromises in numerous other places; in all probability, the hackers will easily gain access to the victim's other online accounts too.
Cyber criminals find perpetrating attacks on social media very easy. Just consider these scenarios:
- An employee has used the same password for his social media accounts as well as for work email and VPN. A data exposure at just one site could invite hackers to your organization's doorstep!
- You are using the same password for your social media account and for online financial accounts. A password exposure in one place could potentially drain your account.
So, when a security incident happens at one of these sites, you should reset the passwords of all your other online accounts too. But before you can do that, you need the list of all online applications in which you own an account!
Making things worse, of late there seems to be a change in the modus operandi of hackers: they no longer rely only on the traditional attack patterns. Cyber criminals are increasingly targeting the login credentials of employees and the administrative passwords of IT resources, using techniques such as spam and phishing emails, keystroke loggers, and Remote Access Trojans (RATs).
Once the login credentials of an employee or the administrative password of a sensitive IT resource are compromised, the institution becomes a paradise for the hacker. The criminal is then able to initiate unauthorized wire transfers, view customers' transactions, download customer information or carry out sabotage.
In addition, just as happened with LinkedIn last year, where over 6.46 mn hashed passwords were stolen, hackers are eyeing identity theft in a big way. The situation becomes much graver if a stolen password has also been used to access a variety of other applications and websites.
There is no magic wand: Use a unique password for every site.
The combat strategy starts with educating your users on the essentials of proper password management. You should also enforce an organization-wide password policy that mandates the use of strong, unique passwords on sensitive resources.
It is always prudent to have a unique password for every website and application and to supply it only on that site or application. When there is news of a password exposure or hack, you can then change the password for that site or app alone. Frequently changing passwords as a habit is also highly recommended.
But here comes the problem: you will have to remember multiple passwords, sometimes tens or even hundreds of them. It is quite likely that you will forget passwords and, on the occasion you most need one, struggle to log in, resulting in password fatigue. Also, enforcing a password policy manually would be impossible.
SOLUTION AHOY: USE A PASSWORD MANAGER
Just like you have an email account, consider using a password manager too. In order to combat cyber threats, proper password management should ideally become a way of life. Password managers securely store all your logins and passwords. In addition, you get the option to launch a direct connection to the websites and applications from the password vault and its GUI itself. Once you deploy a password manager, you can say goodbye to password fatigue and security lapses. You can also automatically enforce your password policy organization-wide. With unique passwords for every online application, you need not fear identity thefts perpetrated through social media.