2 minute read    |    Cybersecurity, National Security

Cyber Security Starts with Password Security

As the threat posed in cyberspace by bad actors at home and abroad continues to persist and grow across public and private life, we often overlook one of its most fundamental elements, Password Security. This innocuous concept is the foundational building block of cybersecurity, however federal agencies and private organizations continuously struggle to develop and implement the proper controls and management systems subsequently leaving themselves vulnerable to critical breaches and incidents. 

In their most recent chat, Samara Schulman, President of OnPoint Consulting, connected with Pete Tseronis, Founder and CEO of Dots and Bridges, to explore the importance of password security and how it relates to the countless breaches seen across the news impacting all sectors. The jumping off point for their conversation was a Federal Times article which dove into insights from the Department of Interior’s Office of the Inspector General report on how internal hackers were able to crack 1 in 5 passwords across all DOI user accounts and a CyberScoop report detailing the LastPass security breach which comprised the passwords of their 33 million customers. These stories rattled Samara and Pete, not because the organizations in the articles were outliers when it came to cybersecurity but on the contrary, that these vulnerabilities are everywhere for both government and industry. 

Although OnPoint works toward building our nation’s cyber resiliency for federal agencies on a daily basis, Samara urged us all to remember that comprehensive cybersecurity requires a personal sense of responsibility – and password security is a key piece of that. As she notes “cybersecurity touches on so many levels that we are all deeply connected to – down to the most basic of being a person, being a citizen and being able to help protect our critical infrastructure, to help protect this nation. As a mother, to help protect my family, to help protect our finances, to help protect our privacy. As an employee to help protect my company.”

OnPoint's Key Points

So, I hear you asking, “if password security is this big of a threat to overall cybersecurity, why are we not taking it seriously and what can we do?” Thankfully for you, Samara and Pete are in the business of solving these problems and touch on:

  • How a lack of federal privacy legislation and nationwide incident reporting requirements challenges organizations and citizens, but the reason is of course because of the issue of privacy, which is central to what America is all about.
  • Implications of security breaches and incidents like the LastPass breach on the government’s security clearance process. As new types of threats and vulnerabilities are growing day by day and as our digital footprint grows, the government needs to consider how cyber threats can turn into real world security vulnerabilities – for instance, putting those who hold clearances and those who apply for clearances at risk.  
  • How working from home has opened up new pathways for attacking organizations and individuals, and what people can do to protect themselves and their company from cyber threats. 

Samara and Pete also lean on their experience in the cybersecurity world to give some of the following expert advice to organizations looking for ways to bolster their own password and cybersecurity awareness: 

  • Ensuring that internal policies related to password security remain up to date by implementing evolving best practices. 
  • Deleting old accounts and ensuring systems are kept up to date through system patches. 
  • Maintaining proper password complexity requirements and implementing controls that monitor and prevent commonly used passwords (I’m looking at you password1, password2, password3, and password4)
  • DO NOT keep your passwords on post-it notes. Seriously, we get that it’s easy but just don’t do it. 

Remember, all it took for hackers to shut down to colonial pipeline was just one breached password. If you want to learn more insights from Samara & Pete, catch the recording at our LinkedIn page.

Listen to the discussion

Samara Headshot-no background

Samara Schulman
President, OnPoint Consulting, Inc.

Let’s connect!      Bio