Last week, a group of Russian hackers collected over a billion usernames and passwords from Fortune 500 sites down to small websites. This is raising alarm and concern for IT admins because corporate credentials may be compromised, and confidential account records at risk. Hacking isn’t new, but global hacks at this scale underscore the importance of putting a security defense strategy in place.
But first, let’s step back and walk through what’s happened.
The Russian group of hackers, who are calling themselves “CyberVor,” are located somewhere in the south central region of Russia. They are using botnets to compromise end users who in turn help them figure out which sites are vulnerable. If one of their botnets finds a vulnerable site, it flags the site so that a CyberVor member can come back to it and take the entire database. With such a large number of accounts in their possession, it is very likely that many of us are a part of their database of compromised credentials.
As an IT admin running your organization’s identity management platforms and worrying about whether credentials have been compromised, there are a few steps you can take immediately to help secure your organization. Let’s also assume that this Russian compromise isn’t going to be the last one. Therefore, we want to put an identity and access management program in place that makes sense and has to let employees do their jobs effectively.
Enable two-factor authentication on any critical servers or applications.
Start with your most critical servers and applications. Two-factor authentication is a two-step process that asks users to provide both a password on a computer, and a code through a separate device (often a mobile phone), offering the best server security. We can help for your critical servers and Mac desktops, it’s easy and it is a night and day difference security-wise. With two-factor auth in place, a hacker would need both your password and your phone to compromise your account.
Setup 30-day password rotations without the ability to reuse passwords.
As painful as it is to remember passwords, force your team to regularly change passwords. We can help by enforcing password expiration across your internal and cloud server and desktop infrastructure, requiring users to use strong passwords, and making it very easy to change. Coupled with a password manager, they can build incredibly complex passwords, making it much more difficult or impossible for a hacker to obtain through brute force. The most important thing that password rotation will help with is that your users won’t settle in on the same password for their personal accounts and their professional ones.
Where possible, enable key-based access.
Although you can’t do this everywhere, enable SSH key access on your critical systems. Key-based authentication is considered the most secure of several modes of authentication usable with OpenSSH. Again, this is a step function change in your security posture. Additionally, the combination of an SSH key with a passphrase creates a two-factor authentication: it gives you something you have (your private key), as well as something you know (your passphrase). And, you can strengthen it by rotating your SSH keys regularly, and we can help make rotating temporary SSH keys a snap with our ssh user management functionality.
Encourage your employees to use different passwords.
Even if you have password rotation, it doesn’t help if employees use the same new password across all of their accounts. Encourage them to have—at minimum—three unique passwords for your business accounts. Or, better yet, require the use of a password manager. This not only gives you control over your employees’ access from a central location, but it also can ensure that every password is strong and unique.
While taking these steps isn’t easy, there are people that can help. At JumpCloud®, we’ve built a platform called Directory-as-a-Service® to make it easy to enable multi-factor authentication, enforce password rotation, and manage SSH keys. There are other tools, such as password managers, that you can use as well. The online security breach is a problem that isn’t going to go away. However, there are identity management security measures that you can take to help protect yourself. We can all say that the compromised sites from CyberVor needed better security, but that doesn’t help your organization or your employees now.
If you assume that you need to put the ball in your own court to ensure that you keep you and your employees safe, you’ll act differently. Take some simple steps to increase the chances that even if your employees are compromised, it won’t impact your business.
Good luck, we hope your information wasn’t compromised, and if we can leave you with just one thing to do—go change all of your passwords.