April 12 is Identity Management Day!


Identity Management Day is dedicated to creating awareness about the importance of identity management and securing digital identities. Led by the Identity Defined Security Alliance (IDSA), in partnership with the National Cyber Security Alliance (NCSA), this annual awareness event will take place on the second Tuesday in April every year. Identity Management Day was held on April 12, 2022. Identity management has long been considered an operational function – it enables the right individuals to access the right resources at the right times for the right reasons. However, in recent years, identities have become the prime target for hackers, allowing them to simply log in with a set of valid credentials, a username and password, that have been stolen, phished or simply guessed.

“Attacks over the past year on SolarWinds and Colonial Pipeline had massive repercussions, and yet neither attack was carried out via new techniques. Both attacks were the result of inadequate identity management practices. The SolarWinds and Colonial Pipeline breaches should be a rally cry for implementing basic identity management principles and evidence that an identity-related breach can happen to an organization of any size and have significant repercussions to critical infrastructure and supply chains. The goal of Identity Management Day is to raise awareness, share best practices, and inspire individuals and organizations of all sizes to act, so that failure to implement basic identity management best practices doesn’t result in the next headline breach,” said Julie Smith, Executive Director of the IDSA.

“Work from home and ‘bring your own device’ policies have blurred the lines between our personal and professional lives. Poor cyber hygiene on a professional or personal account or device can leave your entire digital identity vulnerable. Fortunately, there are a few simple steps everyone can take to vastly improve the security of their online identities. These include enabling multi-factor authentication wherever possible, using a password manager, and performing software updates. Taking even just one of these steps can help protect both your organization and family from cyberattacks,” said Lisa Plaggemier, Interim Executive Director of NCSA.


FACTS AND FIGURES

  • 79% of organizations have experienced an identity-related security breach in the last two years, and 99% believe their identity-related breaches were preventable (IDSA)
  • 61% of all breaches were a result of stolen credentials. (Verizon Data Breach Investigations Report)
  • 97% of organizations will make identity security investments in the next two years. (IDSA)
  • 15 Billion passwords are available on the Dark Web. (Forbes)
  • $3.2 Billion in venture funding went into the identity management space in 2021. (CrunchBase)

Everyone has a digital identity made up of large amounts of personal data that exists about you online. Whether it comes from your social media profiles, search engine history or email accounts, your information is incredibly valuable to cybercriminals. If an account is compromised, your data may be stolen by cybercriminals, with the intention of stealing money, conducting phishing attacks against others, and even committing identity theft. Protect your digital identity with the following best practices:

Configure security settings

Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level. Check the settings on old accounts and delete any apps or accounts you no longer use.

  • Why? Attackers are likely to try the default login information for internet-connected devices – typically admin – to try to gain access. While the default settings for most online accounts provide the website owner with the most information for a personalized experience, loose privacy settings could mean your data is being shared without your knowledge.

Think before you click

If you receive an enticing offer via email or text, don’t be so quick to click on the link. Instead, go directly to the company’s website to verify it is legitimate. If you’re unsure who an email is from—even if the details appear accurate—or if the email looks “phishy,” do not respond and do not click on any links or open any attachments found in that email as they may be infected with malware. Report phishing to your organization’s IT department or your email provider.

  • Why? Attackers often send fraudulent email and text messages, referred to as phishing, in order to trick individuals into providing information such as usernames and passwords, or to download malware.

Share with care

Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.

  • Why? Personal information readily available online can be used by attackers to do a variety of things, including impersonation and guessing usernames and passwords.

Use multi-factor authentication (MFA)

MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.

  • Why? At least 15 billion passwords are for sale on the Dark Web. A second method of authentication provides extra protection even if a username and password are compromised.

Download a password manager

Use password managers to generate and remember different, complex passwords for each of your accounts. 57% of workers write down passwords on sticky notes, and 62% share passwords via SMS and email, according to Keeper Security. Password managers offer secure ways to send passwords and other login credentials to family members or coworkers.

  • Why? Duplicating passwords or using common passwords is a gift to hackers. If one account is compromised, a hacker will typically try the same username and password combination against other websites through “password spraying.”

Update your software

Keep all software on internet-connected devices – including personal computers, smartphones and tablets – current to reduce the risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.

  • Why? Software updates often fix security flaws. Outdated software can be riddled with security holes easily exploited by attackers.

Resources

2022 Trends in Securing Digital Identities
Why Identity Management Matters