Cyber Security and the LastPass breach

Cyber security is a critical aspect of being a bookkeeper in this online world. There's no getting away from it.

In our line of work, working with business accounts, we're entrusted with a lot of personal and confidential data, and we need to take this subject seriously.

We need to keep up-to-date and vigilant about what's happening in the world of cyber security so that we can protect ourselves and our businesses, and also protect our clients and their businesses as well.

The LastPass breach

You may already know that LastPass, a popular password manager, had a security breach late last year. This has long been my secret concern about password sites. What if they get hacked? Well, it happened. Some might say it was bound to happen sometime.

Whether you are a LastPass customer or not, there are some best practice precautions to take immediately, if you haven't done so already. 

First and foremost, change your Master Password now, and go through and change the passwords of your most critical apps. Plus the standard advice of not re-using passwords, not using easy-to-remember passwords, and using multi-factor authentication. 

Using the randomly generated password feature helps, but also means you're beholden to a password manager as there's no way you could remember all of them.

The LastPass breach happened through the computer of a remote worker. How many of us have remote workers these days? Are you giving the security of their cyber work environment the seriousness it deserves?

You might also want to consider getting cyber insurance if you haven't already.

There is some great info here from Cert NZ and an interesting article from Malwarebytes here on the LastPass security breach, how it happened (a little shocking to be honest) and what to do about it if you're a LastPass customer.

I know many are changing their password manager, but I'm choosing not to. I could be wrong but my thinking is, who better to keep your passwords safe than one who's suffered the ignominiousness of a security breach?

I expect that this will result in even more stringent security procedures being put into place to avoid this ever happening again. I also realise that I'm placing a lot of trust in this happening and some would say that trust has not been earned in this case.

Are passwords becoming a thing of the past?

Despite the breach, are password managers still the safest way for us to keep all our passwords?  

We simply cannot remember all the apps that we need passwords for, which is why password managers exist in the first place. So, I believe we still need them. But it's a vulnerable place to be.

And in this article by (ISC)² - "The World’s Leading Cybersecurity Professional Organization" - the question is asked, "Longer term, there is the fundamental question of whether businesses should abandon passwords altogether. If password databases are now at serious risk, that would be a logical conclusion, with the most recent incidents serving as a signal that the era of the password is coming to an end after all."

It's not hard to imagine what would replace a password. Biometrics, such as fingerprints and facial recognition, are already in everyday use, but passkeys have also been flagged as the replacement to passwords.

It's a matter of watching this space and keeping ourselves educated about advances in this area of business. And in the meantime, taking all precautions to keep our data, and our clients' data, secure and safe.

Stephanie 

PS: Interested in working with me as your bookkeeping business coach? Send me an email to start the conversation.