Reviewing the findings and taking recommended actions
Scored breakdown of vulnerable applications by risk factor of Critical/High/Medium/Low:
Recommended actions, clients impacted:
Visibility into what applications are being used and their risk factor:
Credentials being shared:
- Shared credentials can still have MFA enforced, using TEKRiSQ's Password Vault solution, MFA 6-digit codes can be shared between multiple users across the organization, mitigating the risk of multiple users exposing the password and putting the account at risk of breach.
Personal VS Work Credentials being used:
- Personal and Work computers should be separate - mixing them creates more issues, phishing becomes prevalent, MFA is most likely not enforced on the personal email linked to the browser profile being used, company credentials are being saved to your personal browser profile account, exposing the company to many risks.
- Click here to learn more about why saving passwords to your browser is insecure.
How are users signing in?
- Are the users logging into approved applications? Are they downloading information and sharing it with 3rd parties? Do you have DLP (Data Loss Prevention) in place?
All gathered information is used for security purposes only, we do not track users.
Your privacy is important to us and everything collected is directed to management for further actions to improve the security structure.
For example:
LastPass experienced a breach where account information was exposed.
The developer saved company credentials on his personal computer used for work, after he was hacked, the hackers had access to LastPass's database.
The recommended actions are:
- Consider moving to another Password Vault Manager, where your passwords are secure.
- If you decide to remain with LastPass, change your password to something else which is more complex.
- Make sure you have MFA turned on, we recommend using an authentication app on your cell phone, such as the Google Authenticator to protect your account.
