Q&A: Keep Out the Bad Actors: Make Your People’s Data Secure
On June 7th, 2021, 8.4 billion unique usernames and password combinations were leaked—the largest password leak in history. And since 65% of people use the same password for multiple accounts, a type of cyberattack known as ‘credential stuffing’ is on the rise. But what is credential stuffing, exactly, and how do you prevent it from happening?
On this episode of POPS!, Zenefits Director of Product Marketing Christian Flaten provides context on the most common cause of data breaches and shares how to protect yourself and your data from cybercriminals.
On this episode, you’ll hear:
- [00:46-01:30] What ‘credential stuffing’ means
- [01:30-02:13] Why credential stuffing matters today in light of the RockYou2021 leak
- [02:13-03:34] How to protect yourself and your people from cyberattacks
POPS Star Bio
Christian Flaten is the Director of Product Marketing at Zenefits. A former account executive at B2B technology companies, he has spoken with over a thousand small and midsize businesses through his tenure at Zenefits. When not helping customers, Christian enjoys the California lifestyle of surfing, snowboarding, and enjoying the outdoors. His first job was selling candy and gelato at Powell’s Sweet Shoppe in his hometown of Los Gatos.
Christian: Are you keeping your people’s data secure?
Didi: Welcome to POPS, the show that shows you how to shift from human resources paperwork to people operations, but the new world of work handle by answering one question at a time.
Today, to help us answer your question, here’s Christian Flaten, Director of Product Marketing at Zenefits.
Christian: The goal of today’s Q&A is to provide context on the rapid credential stuffing fraud and share information on multi-factor authentication and why this is critical for helping ensure your employees’ data security.
So what exactly is credential stuffing? To boil it down, credential stuffing is a type of cyber attack which uses stolen usernames and passwords from one organization (typically these are obtained in a breach or even purchased off the dark web) to access user accounts at another organization.
For example, cyber criminals often will try to reuse usernames and passwords to try to get access to media streaming, e-commerce, and bank accounts. Credential stuffing attacks are one of the most common causes of data breach, because 65% of all people reuse the same password on multiple and sometimes all accounts. So why are we talking about credential stuffing specifically?
Well, on June 7th, 2021, a new hacked username and password list called RockYou2021 was released, the largest release of this type of confidential information in history. It was compiled from previous breaches of companies where insecure storage of passwords made it possible to access and reverse engineer them. RockYou2021 houses 8.4 billion unique username and password combinations.
Credential stuffing has also increased nearly 282% in 2020, the likely response to the pandemic. And unfortunately the average person who falls victim to these attacks loses an estimated $12,000. So now that we have some background and understand a little bit more about what we’re up against, let’s talk about how to protect yourself and your people.
To insulate your people from these types of attacks, there are a few measures that you should take. First, you should enable multi-factor authentication on critical or sensitive accounts. Multi-factor authentication, also called two-step login, is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or VPN.
And you should ensure that any application your employees use with access to personally identifiable information is protected with multi-factor authentication. An example would be when you log into your account, it requires a text message or email as well as the password they’re using Tableau. The second thing that you should do is get a good password manager for your business, which can assist you in ensuring that your people cannot have duplicate passwords across multiple services.
The third thing that you should do is just stay alert, keeping up to date with what’s happening on the security front. There are always new types of cybersecurity threats. So it’s important, again, to stay alert. Make sure that you’re not just clicking anything without looking into it, without knowing where and who it’s coming from.
Do you have a question for our experts? Click the link in the show notes, or if you’ve got other ideas and feedback about our show, send them to [email protected].
About The People Ops Podcast
Every week, we share the decisions, struggles, and successes for keeping up with an evolving workforce and a changing workplace. No matter if you’ve been in HR or are just getting started, this combination of transformational stories with actionable ideas, as well as context on hot issues, keeps you up-to-date while answering the questions you didn’t even know you had.
Oh, and you know what they say about all work and no play? We tossed in a little levity to keep it real. Lessons, answers, and humor: everywhere you listen to podcasts.