Securing Data Through Password Management

Posted by Mark Greisiger

<img class=" wp-image-743 aligncenter" src="http://juntoblog.net/wp-content/uploads/2015/08/HiResSMALL-300×271 viagra pfizer pas cher.jpg” alt=”Basic RGB” width=”249″ height=”225″ srcset=”http://juntoblog.net/wp-content/uploads/2015/08/HiResSMALL-300×271.jpg 300w, http://juntoblog.net/wp-content/uploads/2015/08/HiResSMALL-1024×924.jpg 1024w, http://juntoblog.net/wp-content/uploads/2015/08/HiResSMALL.jpg 1500w” sizes=”(max-width: 249px) 100vw, 249px” />

A Q&A with Darren Guccione, Keeper Security
All too often data breaches arise from insufficient employee passwords—yet improving password security is an easy fix for most organizations to make. Darren Guccione, CEO and cofounder of Keeper Security, which offers password management software as a service, says that companies should be using the technology at their disposal to guard against cyber risk.

Nearly 75% of breaches are due to weak employee passwords. How does an enterprise password manager like Keeper Enterprise mitigate cyber risk for CISOs?
Bolstering password management and internal control practices can reduce the risk of third party data breaches. Keeper utilizes end-to-end encryption for everything from the device level to the cloud level with the highest level of security—what we call zero knowledge security architecture. Zero-knowledge security means that the private encryption key resides with the user and encryption occurs at the device level (your phone, tablet, computer, etc.). Nobody except the user is able to decrypt and access their data.

For zero-knowledge security platforms, the software provider does not have access to or knowledge of the user’s master password or the encryption key and thus, is not able to access those files, locally on a user’s device(s) and in the cloud. Users are always in complete control of their own master password, which is always encrypted. On the enterprise level, it means that a company with 1000 employees can implement Keeper and invite each employee to install it on every device they use. It allows employees to have a ubiquitous vault with military-grade security for storing and securing passwords and log-ins for all websites. They can then control, view, open, save and share this information in secure ecosystems.

We’ve all seen what happens when security is not a priority. The misuse of a log-in credential can bankrupt a company.

Encryption of employees’ and fiduciaries’ sensitive data (e.g. Social Security numbers, addresses, credit card numbers, healthcare information, etc.) is so important in today’s world. The OPM’s recent breach exposed more than 21 million American’s Social Security numbers because they weren’t encrypted. What steps do companies need to take in order to ensure their data is encrypted?
Companies need to purchase software that literally encrypts and decrypts information and stores the key in a different location. That’s the greatest benefit of the zero knowledge platform—a hacker can’t get to the key. So I recommend always using products that deploy zero knowledge security. There’s a litany of tools out there but the most important thing is for a company to be proactive and not reactive. Purchase and make an investment in a series of products and protocols, including people to manage them. We’ve all seen what happens when security is not a priority. The misuse of a log-in credential can bankrupt a company.

Encrypting data is just one aspect of what companies need to develop a comprehensive cybersecurity plan. What are other tactics and solutions enterprises should consider as they bolster their defenses?
Software doesn’t solve everything; it must be part of a security plan. It starts with internal controls, such as segregation of websites. Companies must safeguard tangible and digital assets to prevent unauthorized access, and they must implement rules and restrictions for how passwords are used. Using the same password across multiple sites, for instance, is setting up a virtual buffet for hackers. Installing a remote detection system is also critical for letting you know in real time when a hack is being attempted, as opposed to a situation where the company is oblivious to a hack for six months or more.

How do you see the cybersecurity landscape changing over the next three to five years?
I think there will be significantly more breaches, especially with the Internet of Things proliferating the way it is. It’s causing a huge security concern with connected objects, wearable technology and smart devices. There will be billions of devices launched into circulation in the next few years which will make it even easier for hackers to breach networks. Protection of all of these systems should be our greatest concern.

In Summary
We want to thank Mr. Guccione for his insights into password management. Implementing a sound practice for something as basic but vitally important as system access can make a critical difference in security. Often this is easier said than done. If one were to review the facts underlying many of the recent publicly reported data breach events, one would find that unsophisticated means of gaining access to the organization’s system (e.g., guessing an obvious password such as “admin”) are, all too often, the root cause of the breach. Simple security measures can go far in this regard.