SAN DIEGO, CA and NEW YORK, NY--(Marketwired - Jun 19, 2015) - Enterprises are also vulnerable following this week's breach of LastPass, according to CyberUnited LIFARS, a joint venture between two of the nation's top cyber consulting firms. They are recommending that organizations, not just consumers, take action to prevent their own breaches based on the LastPass break in.
First, LastPass Enterprise customers should immediately put multifactor authentication in place for users within their organization if they haven't already, according to CyberUnited LIFARS in its latest blog "Expert Advice for Enterprises and Individuals Using LastPass." To do this, companies can follow the instructions for creating policies and applying the enterprise policy that suits their organization.
Second, they should create a policy to filter emails containing "Last Pass" and manually review them. Since the attackers have made off with the email addresses and password "hints," there will very likely be phishing campaigns attempting to trick employees into giving hackers their passwords.
Finally, since auditing software by an outside organization is so important to maintain the highest level of security, companies should ask their technology suppliers and their partners about their audit practices.
"This last point is critical," noted Darin Andersen, CEO of CyberUnited. "No matter how safe security executives feel their company might be, a third party audit should be a critical part of their defense. And as the Target breach has shown us, you have to keep in mind the policies of your partners and suppliers as well. Security monitoring has to be performed continually because programming code is constantly being modified."
Despite assurances from LastPass, the company might not be able to deliver on those promises, the blog also notes.
"The attackers could have had access to the data for a long time since research tells us that the average time it takes to discover a malicious cyberattack is 170 days," adds Ondrej Krehel, Founder of LIFARS. "Since a breach like this could have occurred along time ago, companies need to engage professional firms to perform data breach tests and train internal staff for signs of compromise. That's why companies like LastPass need to examine their ability to detect and respond to cyber incidents by third party assessments."