CEO series: Close your cybersecurity gap with a simple approach

The biggest breaches are caused by the smallest vulnerabilities. The latest breach out of Sweden is a perfect example. In an alarming reminder of what can happen when the most obvious measures are ignored, 2.7 million phone call recordings made to 1177 Vårdguiden (Sweden’s healthcare hotline), were stored on a publicly accessible server, without even a password.

Unfortunately, I’m not surprised. It is easy to forget the most basic safeguards when businesses are caught up in more complex issues.

All organizations have security gaps. In my previous blog post, I talked about the biggest security threat for businesses – leaked passwords. Leaked passwords, do not necessarily require complex initiatives to resolve. What’s needed is responsibility, common sense, and action.

About 80 percent of all data breaches are caused by stolen and/or weak passwords. Millions of leaked passwords are just a few clicks away on the Internet. Organizations that want to secure their business shouldn’t rely on their employees to make good password choices.

My challenge to you is to do something today to mitigate 80 percent of your security risk. In just a few minutes, you can understand your security gaps. Here are three important steps to get you started:

1. Tackle the problem. It goes beyond the IT department – management and legal need to be involved. What security gaps can be found? Which legal requirements apply to your business? What can you do to quickly close security gaps?
2. Do a simple health check. Nearly all organizations have exposed email addresses and/or passwords that are available online for purchase. An audit with the following free tools can help identify the most common vulnerabilities:
   • Specops Password Auditor scans Active Directory and provides insight on the level of protection your password policy provides against criminal attacks. The program also identifies stale accounts – which are a security concern because they are forgotten and can be used to access resources undetected.
   • Security expert Troy Hunt’s service haveibeenpwned.com/ allows you to quickly check leaked email addresses and passwords. As of today, Troy’s database has over 7 billion pwned accounts.
3. Tackle your biggest risk first. What can you do with your findings? The quickest way to mitigate major security risks is to block leaked passwords, and any passwords that are commonly used in your organization. This could be, for example, the company name or address. It is not enough to block 100 passwords, it is about millions of variations.

With just a few simple steps, you can avoid 80 percent of data breaches – so, what are you waiting for?