EXEControl Global Solutions would hope that, by this point in time, most of our readers are already aware of the most commonly used passwords. EXEControl Global Solutions has posted about weak passwords in the past and reported the most commonly used passwords. Numbers one and two did not change last year: they are still ‘123456’ and ‘password’. A simple Google search will give you the list of commonly used passwords.
However, this article is more focused on weak passwords than on commonly used passwords. A common mistake users make is to have their password be the same as their User ID, or their User ID followed by ‘123’. While this is tempting, it is not very safe. Just today we had a customer who had a phantom User ID hacked. The User ID was not an employee logon ID but rather a logon ID used by their business software. The password was the same as the User ID. The User ID was a semi-common phantom process name. Remember, User IDs associated with software applications are easy User IDs for hackers to identify. EXEControl Global Solutions has used these backdoors in cases of emergencies to gain access to systems (with permission from the client). EXEControl Global Solutions finds that most companies never change the access codes/passwords.
Back to our story, at 11:30pm on June 2, 2016, the client’s system was hacked through this phantom business software User ID. The hacker guessed that the password would be the same as the User ID and they were right. They then launched a version of the Crypto-Virus, a virus that encrypts all of your data and holds your data ransom. For a fee, the hacker will decrypt your files.
This story does have a happy ending… Because the client was using our recommended on-site and cloud-based backup solution, EXEControl Global Solutions was able to restore all files without the need of paying a ransom. Many companies are not so lucky.
The points we hope you take away from this article:
- Take the time to see if you have any access points to your network with default and/or weak passwords.
- Ensure that your network requires moderate to strong passwords.
- Passwords for non-employee access points should all be strong passwords and should be passwords that cannot be memorized easily. This will help protect the password from leaving your company through human means. These backdoor passwords often are the hardest to reset because you have to find all software points that require the password.
- Review your backup structure – what data is backed up, where and how?
- Make sure that backup locations store all files as read only. Do not give User ID access points rights to modify the files in any way, including the encryption of the files.
These simple steps can help your company experience a safer and more secure network.
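As an added example (not code from EXEControl Global Solutions), the check below can be run wherever a password is set or rotated, including for phantom software User IDs, to reject the patterns described above: a password equal to the User ID, the User ID plus digits such as ‘123’, or a commonly used password. The 12-character minimum, the function names and the sample accounts are assumptions made for illustration.

```python
import string

# The two passwords named in the article; a real deployment would load a full list.
COMMON_PASSWORDS = {"123456", "password"}
MIN_LENGTH = 12  # assumed threshold; the article only asks for "moderate to strong"


def _core(text):
    """Lowercase, keep letters and digits only, then drop leading/trailing digits."""
    kept = "".join(ch for ch in text.lower() if ch.isalnum())
    return kept.strip(string.digits)


def weak_password_reasons(user_id, password):
    """Return the reasons a proposed password is weak for this User ID (empty = passes)."""
    reasons = []
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("commonly used")
    if password.lower() == user_id.lower():
        reasons.append("same as user ID")
    else:
        uid_core, pw_core = _core(user_id), _core(password)
        # Catches 'svc_print' -> 'Svc_Print123' and the reversed User ID.
        # An all-digit User ID has an empty core and is skipped to avoid false matches.
        if uid_core and pw_core in (uid_core, uid_core[::-1]):
            reasons.append("derived from user ID")
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    return reasons


def audit(accounts):
    """accounts: iterable of (user_id, proposed_password). Returns failures only."""
    findings = {}
    for user_id, password in accounts:
        reasons = weak_password_reasons(user_id, password)
        if reasons:
            findings[user_id] = reasons
    return findings


# Constructed sample accounts, for illustration only.
SAMPLE = [
    ("svc_report", "svc_report"),
    ("svc_print", "Svc_Print123"),
    ("jsmith", "password"),
    ("svc_backup", "t7#Qm2!vLx9@Rw4z"),
]

if __name__ == "__main__":
    for uid, reasons in audit(SAMPLE).items():
        print(f"{uid}: {', '.join(reasons)}")
```

Because stored passwords should be hashed, this check needs the plaintext and therefore belongs in the password-change path rather than in an after-the-fact scan.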
Should you need a professional IT firm to assist your efforts in maintaining a safe, secure, reliable and fast network, please contact EXEControl Global Solutions at firstname.lastname@example.org.