Data has become a currency for cybercriminals, and ransomware attacks are at an all-time high. Whether it’s a small or large business or a regular Internet user, anyone can become a victim.
Many people still don’t protect their personal and sensitive data because of the “it won’t happen to me” mentality. However, anyone can become a target.
While many users adopt Virtual Private Network (VPN) services to secure their information, a VPN isn’t always enough to protect login credentials from being compromised. Maintaining strong password health on each website can be draining, and the simplest solution is getting a password manager.
We invited Darren Guccione, the CEO and Co-Founder of Keeper Security – a company that offers zero-trust security solutions, including a password manager. Guccione agreed to discuss cybersecurity and the best password hygiene practices.
How did Keeper come about? What has your journey been like so far?
Keeper started in 2011 with the goal of building the most secure vault for storing passwords and other confidential information. Our focus has always been on building a highly secure architecture with multiple layers of encryption to provide maximum protection. We have a discipline of listening to customers and adapting our product quickly; we are a very agile company.
In the past few years, we have added more enterprise capabilities, such as SSO Connect and an advanced reporting module. This year, we introduced Secrets Manager to protect machine-to-machine credentials, and very recently we announced Connection Manager to secure remote access.
So our journey has been in constant evolution – we have transformed Keeper from an app to a security platform that can protect every user on every device. It’s been an incredible journey.
Can you introduce us to your password management platform? What makes it stand out from the crowd?
For starters, Keeper utilizes best-in-class security with a zero-trust framework and zero-knowledge security architecture to safeguard your information and mitigate the risk of a data breach. Keeper protects your information with multiple layers of AES 256-bit encryption and PBKDF2, widely accepted as the strongest encryption available. All users need is their master password, and Keeper does the rest. Millions of consumers and thousands of businesses worldwide trust our platform to secure and access their passwords and private information. Keeper gives you visibility, control, and compliance so you can be confident in your personal and organizational security.
At Keeper, you emphasize the importance of the Zero-trust principle when it comes to security. Can you tell us more about this approach?
Zero-trust begins with password security. Keeper Security creates its products using a zero-trust security framework. Zero-trust assumes that all users and devices could potentially be compromised, and thus, each user must be verified and authenticated before they can access the organization’s network and resources. This cybersecurity framework underpins Keeper’s cybersecurity platform. Keeper’s platform provides IT administrators full visibility into all users and the systems and devices they are accessing, which helps ensure compliance with industry and regulatory mandates. In order to have a zero-trust framework, an organization must have world-class password security supported by a zero-knowledge security architecture.
How do you think the recent global events influenced the way people perceive cybersecurity?
Some of the perceptions influenced by global events are correct: pervasive ransomware attacks, nation-state actors, and companies going out of business after they have a significant breach. There are other perceptions that are usually incorrect, such as the idea that only large companies are being targeted. We know businesses of every size and individuals are being compromised every day.
What identity-based threats do you find the most concerning nowadays?
When a cybercriminal steals crucial personal information, such as Social Security Numbers or banking information, your worst nightmare can come alive. Cybercriminals can commit identity theft with sophisticated cyberattack tactics, such as social engineering, phishing, and malware. Reversing the damage of identity theft and/or recovering lost funds can take years of very tedious processes. Another type of attack is very concerning: the stealing of machine credentials, known as infrastructure secrets, which are usually hard-coded in software and have been the main attack vector for some of the most damaging attacks in recent history.
How can one find out if their password has been compromised? Are there any early warning signs that can often be overlooked?
Data breaches are on the rise, and millions of personal records have been stolen and are available on the Dark Web. Fortunately, software and platforms are available to help you understand if and where your passwords have been accessed. For example, any consumer can get a free data breach scan on Keeper’s website. In addition, Keeper’s BreachWatch® feature monitors the Dark Web for breached accounts and alerts you so you can reset the compromised password and protect yourself against cybercriminals. BreachWatch fully integrates with your Keeper Password Manager, bolsters your online security by protecting your online identity, and performs unlimited security scans of your passwords on all devices.
When it comes to password security, what bad habits do you notice most often?
Often, consumer apathy opens the door for massive cybercrime. The average consumer knows the implications of bad password maintenance, yet 64% of people have never checked to see if they were affected by a data breach. Despite 7.9 billion consumer records being accessed by cybercriminals in just one year, we still see basic consumer password errors, such as using the same password across accounts, writing them down and storing them where other people can find them, and clicking malicious links so hackers can access them. Consumers need to use strong, unique passwords, and utilize encryption software like Keeper to protect themselves from cybercrime.
Besides adopting good password security practices, what other security tools do you believe everyone should incorporate into their lifestyle?
Two-factor authentication (2FA) is a good security practice for ordinary consumers and massive businesses alike to have in place. Two-factor authentication provides an extra layer of security when logging into your Keeper Vault or any other site or application by requiring a secondary authentication factor upon logging in. Even the most frequently updated and strongest credentials can be stolen in a data breach, as highlighted all too often in the news, and 2FA ensures that even if a threat actor gets hold of a working password, they won’t be able to use it without the second authentication factor. 2FA is a form of multi-factor authentication (MFA), and it is recommended as a best practice by the US National Institute of Standards & Technology (NIST) to reduce cyber risk.
Would you like to share what’s next for Keeper?
Earlier this year we announced Keeper Secrets Manager, to protect machine-to-machine credentials, and recently we announced a new product called Keeper Connection Manager to protect and enable remote connections with the same zero-trust, zero-knowledge security. Keeper Enterprise has become a ubiquitous platform that enables organizations of all sizes to have visibility, control and security across every user on every device.