Personal E-mail Breach Serves as Cautionary Tale for Enterprises
Posted by Courion Corporation on Thu, Oct 22, 2009
Recently, reports have surfaced revealing that user log-in credentials for more than 30,000 Web-based email accounts - including those from AOL, Gmail, Hotmail and Yahoo Mail, among others - have been stolen and made publicly available on the Internet. It's interesting to note that analysis of the stolen Hotmail passwords showed that 42% used only letters, nearly 20% only numbers, and the most frequently-used passwords overall were - you guessed it - "123456" and "123456789."
Although these particular attacks occurred with consumers' personal, Web-based email accounts, the cautionary message applies equally to enterprises. Companies need to keep in mind that "cross-over" will inevitably exist between employees' personal and business accounts - work-related emails may be forwarded to or sent directly to and from personal accounts or employees may also choose to replicate "personal" passwords for work applications. These bad password practices, among others, can expose more than employees' personal information, opening the door to corporate security and compliance risks that can potentially result in serious financial and reputational losses.
Enterprises need to ensure they've put in place sound password safeguards that ensure optimized security and compliance with password policies while still promoting ease-of-use and productivity for employees. Our customers are achieving these benefits through self-service password management and synchronization which has been seen to reduce password-related Help Desk calls by more than 80%. Users are able to access their password profiles and make changes at any time, rather than only when the Help Desk is open, and the new passwords are automatically applied across all other relevant applications and systems. IT staff can set and enforce self-service password policies in accordance with industry regulations and internal best practices, such as requiring more complex passwords - like minimum password length, mixed cases and numeric or other special characters - and more frequent password renewal, among other things. But whatever the password management solution, companies need to be keenly aware of the potentially bad personal password practices that employees may carry over into the workplace as well as the increasingly blurry lines between personal and work-related applications and access to them.