Protecting you & your business: Change default passwords

Posted by David Pollino in Your Business

Our digital world brings huge benefits, but it also requires a To-Do list to stay protected.

[Image: Young bearded man in workshop checking a laptop.] [1]

One of these tasks is basic, and all the more important for it: keep all your networked devices, equipment, and systems updated, and use secure passwords. As more and more things in our lives become Internet-enabled, opportunities grow for criminals and hackers. As a reminder, think about what has hit the headlines recently: hacked baby monitors [2] and vehicles [3].

Think about things or systems you use that connect to the Internet. Vehicles, printers, and scanners are perhaps obvious, but what about alarm systems and air conditioning? Businesses need to think about critical infrastructure and other important embedded systems, appliances, and devices.

How to help yourself & your business

Always make sure you keep devices, systems, and software updated. Take a look at my recent post [4] on this.

Another key tip: Change manufacturers’ default passwords. Default passwords are shared across devices, publicly documented, and widely available on the Internet, so attackers can easily obtain them and can easily identify and access Internet-connected systems that still use them. They may attempt to log in using blank, default, and common passwords, a widely used attack technique.

Here are some common hardware, software, and systems that use default passwords:

  • Routers, access points, switches, firewalls, and other network equipment
  • Databases
  • Web applications
  • Industrial Control Systems (ICS)
  • Other embedded systems and devices
  • Remote terminal interfaces like Telnet and SSH
  • Administrative Web interfaces

Change default passwords for devices as soon as possible — and absolutely before deploying any system on a network such as the Internet. Use strong and unique passwords.

Restrict network access to trusted hosts and networks. Only allow Internet access to required network services, and unless absolutely necessary, do not deploy systems that can be directly accessed from the Internet.

If remote access is required, consider using VPN, SSH, or other secure access methods and, again, be sure to change default passwords.
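The checks above can be run as a pre-deployment gate over a device inventory. The sketch below is an added example, not part of the original post: the inventory fields, the word list, the 12-character minimum, and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values; extend from your own vendors' documentation.
COMMON_PASSWORDS = {"admin", "password", "123456", "changeme", "default"}
CLEARTEXT_SERVICES = {"telnet"}   # assumed: remote admin without encryption
MIN_LENGTH = 12                   # assumed policy, not from the article


def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest so reuse can be detected without storing the password."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()


def predeploy_findings(device, new_password, used_fingerprints, key):
    """Return the reasons this device should not go on the network yet."""
    findings = []
    if not new_password.strip():
        findings.append("blank password")
    elif new_password.lower() == device["vendor_default"].lower():
        findings.append("password is still the manufacturer default")
    elif new_password.lower() in COMMON_PASSWORDS:
        findings.append("password is on the common-password list")
    elif len(new_password) < MIN_LENGTH:
        findings.append(f"password shorter than {MIN_LENGTH} characters")
    elif fingerprint(new_password, key) in used_fingerprints:
        findings.append("password already used on another device")
    if device["internet_facing"]:
        exposed = sorted(CLEARTEXT_SERVICES & set(device["services"]))
        if exposed:
            findings.append("cleartext admin service exposed to Internet: "
                            + ", ".join(exposed))
        if not device["allowed_sources"]:
            findings.append("no trusted-host restriction on remote access")
    return findings


# Constructed inventory entries and passwords, for illustration only.
KEY = b"constructed-inventory-key"
IN_USE = {fingerprint("Tr4il-Mix-Harbor-92", KEY)}
CAMERA = {"name": "lobby-camera", "vendor_default": "admin", "internet_facing": True,
          "services": ["telnet", "https"], "allowed_sources": []}
PRINTER = {"name": "office-printer", "vendor_default": "1234", "internet_facing": False,
           "services": ["https"], "allowed_sources": ["10.0.0.0/24"]}

if __name__ == "__main__":
    for dev, pw in ((CAMERA, "admin"), (PRINTER, "Tr4il-Mix-Harbor-92"),
                    (PRINTER, "Quiet-Lantern-River-47")):
        print(dev["name"], predeploy_findings(dev, pw, IN_USE, KEY) or "ok to deploy")
```

An empty result means none of the listed problems were found; it does not replace keeping the device updated.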

Help yourself and your business stay protected.


Article printed from Bank of the West: https://changematters.bankofthewest.com

URL to article: https://changematters.bankofthewest.com/2016/08/01/protecting-business-change-default-passwords/

URLs in this post:

[1] Image: http://blog.bankofthewest.com/wp-content/uploads/2016/08/smallbiz_device_crop.jpg

[2] baby monitors: http://www.nbcnews.com/tech/security/hack-alert-nyc-regulators-warn-parents-secure-their-baby-monitors-n505391

[3] vehicles: https://www.troyhunt.com/controlling-vehicle-features-of-nissan/

[4] my recent post: http://blog.bankofthewest.com/protecting-critical-business-systems/
