An employee’s first day is the most critical stage of the hiring process for both the employer and the employee. Onboarding is when a new hire starts getting to know the company’s business processes and their role in them. Usually, this includes creating a temporary password and providing it to the new employee so they can log in. However, this Toronto IT service firm no longer recommends that practice because of the security issues it creates.
Traditionally, when a newly hired team member starts, the IT department creates a temporary password. It is then shared electronically via email or messaging apps, or in person through direct communication. However, incidents have been reported showing that these methods carry security risks.
Communication via SMS, email or messaging apps can be intercepted by cyber scammers. Relaying the password in person and verbally can be logistically challenging, and errors in pronunciation can also be an issue. As expected, this creates an opportunity for threat actors to gain unauthorized access.
Default passwords are usually generic and intended for short-term use only. They are also made simple and predictable so that they are easier to recall. The Toronto IT service firm explains that an employee is expected to change the password as soon as they receive it. Most of the time, however, newly hired employees either forget to do so or opt to keep the temporary password, which leaves it vulnerable to exploitation by hackers.
A very good example of a large-scale breach that started with the exploitation of a default password is the SolarWinds attack. Cyber criminals used the unchanged temporary password “solarwinds123” and were able to gain access to the company’s system. This resulted in an avalanche of cybersecurity issues involving organizations, both public and private.
To reduce incidents that increase vulnerability, employee onboarding must include and emphasize the importance of password management and best practices. Some of these are as follows:
The use of a password manager helps companies securely generate, store, and share passwords with new employees. Password managers encrypt passwords and strictly enforce rules such as regular password changes, lowering the danger of weak or unaltered credentials.
Implementing MFA across business systems provides an extra degree of security during first login attempts. It requires users to provide multiple kinds of verification, for example a password and a code texted to their mobile device, thereby improving security beyond basic password protection.
When sharing critical information such as passwords, the use of encrypted communication channels is important. With encryption, details in emails or messaging systems cannot be deciphered by threat actors, which reduces the danger of interception during transmission.
Developing and executing password management policies as early as onboarding is critical. Standards can be created, and tools can be used to do so. This assures conformity while reducing possible human error. This proactive strategy strengthens security safeguards from the beginning of an employee’s onboarding process, protecting sensitive data and improving overall cybersecurity posture.
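As an added example (not from the original article or from EBSolution’s own tooling), the sketch below shows how the temporary-password weaknesses described above can be enforced away by a tool instead of left to the new hire: the password is random, it expires, and it grants no session until it has been replaced. The function names, the 24-hour lifetime and the 12-character minimum are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

TEMP_TTL_SECONDS = 24 * 3600  # assumed policy: temporary password lives 24 hours
MIN_NEW_LENGTH = 12           # assumed policy: minimum length of the replacement

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; the work factor is illustrative
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def issue_temp_credential(now: float) -> tuple:
    """Return (one-time password to hand over, record to store server-side)."""
    password = secrets.token_urlsafe(12)  # 16 random characters, not a shared default
    salt = secrets.token_bytes(16)
    record = {"salt": salt, "hash": _hash(password, salt),
              "expires_at": now + TEMP_TTL_SECONDS, "must_change": True}
    return password, record

def login(record: dict, password: str, now: float) -> str:
    """Return 'denied', 'expired', 'change_required' or 'ok'."""
    if not hmac.compare_digest(_hash(password, record["salt"]), record["hash"]):
        return "denied"
    if record["must_change"]:
        if now > record["expires_at"]:
            return "expired"         # an unchanged temporary password stops working
        return "change_required"     # no session until a new password is set
    return "ok"

def change_password(record: dict, old: str, new: str, now: float) -> bool:
    """Replace the current password; refuse reuse of the old value."""
    if login(record, old, now) not in ("change_required", "ok"):
        return False
    if new == old or len(new) < MIN_NEW_LENGTH:
        return False
    salt = secrets.token_bytes(16)
    record.update(salt=salt, hash=_hash(new, salt),
                  must_change=False, expires_at=None)
    return True
```

Only the salted hash is stored, so the temporary value exists in clear text only at the moment it is handed over through a password manager or another encrypted channel.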
We at EBSolution are IT and cybersecurity professionals who can help you with all your tech needs. Our services include password management, cybersecurity, even personnel training and so much more. We can create custom solutions for your tech problems. Book your consultation today and let us discuss this in detail.