‍Why did you have a MindYourPass Online Security Risk Assessment performed?

Peter: “In 2022, the news came out that a number of corporations had been hacked. I had just started working at Collaboration at the time and I immediately started assessing where our vulnerabilities lie. Knowing that the human factor is the biggest risk, the password policy came to the fore. One of the points is that we do not have a password manager. We do have quite a few applications, and that also means a lot of passwords that are not all memorable. Without a password manager, there is undoubtedly another way of remembering passwords that is not so secure.”
‍

“To get a clear picture of how big the risk of weak passwords really is for our organization, we decided to have a MindYourPass Assessment carried out”

“In 2023, we had a BIC 4.0 review of our information security policy carried out by VVA, our partner in the field of security and privacy. A number of improvements have been defined here, including the introduction of a password manager. To get a clear picture of how big the risk of weak passwords really is for our organization, we decided to have a Password Risk Assessment carried out and we decided to purchase a password manager. The condition for us was that the assessment can be carried out anonymously, so that the privacy of employees is not compromised. Fortunately, MindYourPass offers that option. '
‍

“We've gained a clear insight into how strong the passwords are used by employees to log into our applications.”

‍What did the MindYourPass Assessment bring you?

Peter: “We've gained a clear insight into how strong the passwords are used by employees to log into our applications. We also found out about the reuse of passwords and whether passwords that are public, or occur in databases such as haveibeenpwnd.com, are still being used. The great thing is that these insights are linked to our application landscape, so that we now have an idea of where the biggest risks lie. It showed that there is work to be done. '

‍

Did the assessment teach you even more?

Peter: “Yes. I also used the assessment to cross-check our application landscape, which we re-inventoried earlier this year. The assessment records the login moments for each online application. This automatically gives you a complete picture of your application landscape. The assessment did not present many surprises for us and it turned out to be mainly a confirmation of what we already knew and had mapped out ourselves. I was happy about that, though. '
‍

“I shared the report with management, which made them even more aware of the importance of seriously addressing this risk.”

Was it complicated to have MindYourPass carry out the assessment?
‍
Peter: “No, quite the opposite. The installation of the software was arranged within an hour. The scan then started running and after just over a month, we received the results in a comprehensive report. The report provides concrete figures and results about the password safety and online security of our organization. I shared the report with management, which made them even more aware of the importance of taking this risk seriously. '
‍

“We chose the MindYourPass password manager because it offers the ability to enforce usage and password requirements.”

What's your next step?

Peter: “With the selection for the MindYourPass Assessment, cooperation also decided to purchase the MindYourPass password manager. We mainly used the assessment as a baseline measure and the first step of implementation and deployment to the organization. We are going to work on that now. We chose the MindYourPass password manager because it offers the ability to enforce usage and password requirements. So you can make sure everyone uses secure passwords. Depending on the impact of the application, we will now gradually enforce password policies where they are not enforced by the supplier. That offers us the security we were looking for. In my experience, a password manager is often offered, but hardly anyone uses it. So that's not effective and a waste of money. '
‍

‍
Do you have any advice to fellow corporations?

Peter: “Take the risk of weak passwords seriously. With the MindYourPass Assessment, you enable yourself to measure password usage and to objectively identify risks. After all, measuring is knowing! From there, you can start improving, for example by using a password manager. '