Password change doesn’t boost your enterprise cyber security

As data security concerns are increasing day by day, most security experts say that frequent password change can bolster enterprise cyber security. But this isn’t true in practical say experts from National Institute of Standards and Technology (NIST).

Security experts from NIST say that enterprise IT managers should start formulating user-friendly password policies by encouraging the use of long and alpha-numeral passwords which need to be case sensitive and must & should include at least one special character.

NIST experts also say that company CIOs should use dictionaries to vet passwords, and should strictly avoid hints and knowledge-based authentication such as security questions where the user is asked like mother’s name, date of birth, hometown etc…

The security experts from NIST have a viewpoint that employees usually cope with a 60-day password reset cycle by generating new passwords which are easily memorable to them. As these passwords are easy to hack they make the entire database on the network vulnerable to cyber criminals, as hackers can harvest passwords via phishing or key logging.

To better cope with such situations, enterprise managers should stop relying only on passwords and should use more than one authentication method, at least for sensitive data.

Also, companies should also focus on keeping a backup of all data in the event of a disaster. This helps in keeping business continuity intact even if a cyber attack takes place.

Even in cases where database gets hacked and criminals succeed in inducing malware like Ransomware into the database, the businesses can smartly overcome the situation by going for the latest backup copy to keep the data continuity intact.

This move will help organizations in two ways. Firstly, it helps in witnessing minimum or zero downtime for critical applications and secondly, businesses can avoid paying ransom to cyber criminals in order to unlock the database.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display