The Password Is…Commando

September 23, 2024

Love this show! One of our focus areas with our clients is to help them become compliant with their Cyber Insurance.  Insurance companies require an ever-increasing list of client responsibilities for their policy to remain valid and pay out when attacked.  Insurance companies can use the non-compliance as a loophole to invalidate your claim.  Not only will you suffer the cost of the attack but your insurance won’t pay…ouch!

Part of compliance is to conduct regular Penetration Tests (Pen Tests). Just as the term suggests, a Pen Test “tests” how long it takes for an attacker to get into your network and access client files, employee files, and operational systems.

As you know, cyber-attacks are no longer a “big company” issue as cyber-crimes have become abundant amongst companies of any size and individuals.  Smaller companies tend to have fewer defenses and have become an easier target.  Even AARP is bringing awareness to their customer base as to strategies around how this is impacting the elderly as well.

Recently, while doing a Pen Test evaluation for a new client it took our technical staff only 15 minutes to get a foothold into the network…  This is not a CTG-managed services account (yet), so we knew little about their existing network.  Now we know how an attacker can get in and we will work with the client to help them become better protected and compliant with their insurance.

The Challenge:

Weak password policies in the domain will lead to weak service account passwords. Our client’s weak passwords led to those passwords getting compromised and this led to sensitive information getting exposed from the accounting software/documents. There is much more to this, but underlying name resolution protocols spurred everything that occurred. The bottom line is someone else could easily oversee their finances.

We helped the client remediate the issues and we will continue to evaluate going forward to ensure this is not a problem or exposure.

Pen Tests are relatively simple and inexpensive. Even if it isn’t through CTG, get your network tested.

About CTG

CTG is a “Unified Service Provider” meaning we are a team that works on your behalf to bring all your network and communications systems and software together.  The goal is to improve ease of use and productivity.  That includes protecting it from attacks.  Attacks mean downtime (unproductive) and we don’t like downtime!  Best of all, we take the burden off your shoulders and determine what you need to hit your business goals, source it, implement it, and support it.  We’ve been doing that for over 25 years through many evolutions in technology.

If you want to learn more about CTG, call 330-655-8144 or email info@ctgusa.net.

Follow us on LinkedIn to stay up to date on the latest in business tech.

 

*Disclaimer: The video is a clip from “The Tonight Show Starring Jimmy Fallon,” which is the property of NBC Universal Media, LLC. Corporate Technologies Group, Inc. is not affiliated with NBC Universal Media, nor do we own the rights to this content. All rights and credits go directly to the respective owners. This video is shared for entertainment purposes only.


Share:

Recent Blog Posts...