LastPass announces a security incident involving unauthorized access to portions of their development environment. LastPass states, “we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.”
Cybersecurity vendors, like LastPass, aren’t immune to cyber attacks; in fact, they are prime targets for cyber criminals. They can fall victim in the same ways your small business can. Security Bytes has written on cybersecurity vendor attacks before, in particular regarding the SolarWinds attack. To review those articles, check them out here and here.
Password managers
Password managers are super useful cybersecurity tools that store and organize your passwords for your many user accounts. They can also store things like banking information, network information, and any other private info you would like protected. They can even help you create long, unique, and complex passwords. Password managers do all this by encrypting the data inside a secured digital vault. This vault is protected by your master password. Many password managers also offer multifactor authentication, both to protect access to your vault and as an additional cybersecurity tool you can use with your other accounts.
Like all cloud solutions and pretty much anything connected to the internet, there are still risks while using a password manager. There could be vulnerabilities in their solutions, they may have weak business policies, and they are top targets for cyber criminals. This means they can fall victim to data breaches. So it is important to find a reputable brand you trust and to monitor it for compromise, as with all cybersecurity solutions you use.
Security in layers
It is important to remember that cybersecurity is done through layers of protection. There is not one perfect solution for complete protection. A password manager is just one layer in your cybersecurity toolbox. When using a password manager, your master password should be a long, complex, and unique password or passphrase. Unique means you use that password only for your password manager and not for any other account. This way, a compromise of another account is less likely to lead to a compromise of your password manager.
Besides a strong master password, utilizing multifactor authentication is strongly recommended when accessing your password manager. It is also recommended to utilize multifactor on your other user accounts, especially your email account. This adds an additional layer of security to your password manager and your other accounts.
For more information on protecting your small business from cybersecurity threats, like this LastPass security incident, check out Small Business, Big Threat!