Today, cybersecurity reigns supreme. For businesses that operate exclusively online or provide online services, security can be a major factor that determines success. And most – if not all – cybersecurity endeavors start with passwords. Fail to adequately protect your corporate passwords and you might be in for a rude awakening.
Due to the steady rise in cybercriminal activity and the ever-increasing sophistication of attacks, businesses are naturally looking for ways to ensure a robust security perimeter. One such company is Hostinger. Today, we’re thrilled to speak with Egidijus Navardauskas, head of cyber security at Hostinger, and discuss how the company approaches cybersecurity and threat mitigation within the organization.
Hostinger – the host behind your favorite website
Hostinger is a hosting service provider from Lithuania. The company focuses on making life easier for developers and their customers. Established in 2011, today Hostinger is recognized by the biggest names in tech media as one of the best hosting providers. Due to its high standards for security, ease of use, and customer support, Hostinger is trusted by millions of customers worldwide. One of these customers might be your favorite website. Back in 2020, the company was listed as the fastest-growing hosting brand of the year by Bitcatcha. In 2022, Hostinger welcomed its 1000th employee, and the company doesn’t plan on stopping its growth anytime soon.
Common security risks for online businesses
The online world is full of threats and risks, much like the real world. Vast numbers of threats lurk in the wild, but Egidijus draws attention primarily to social engineering and phishing scams.
The prevalence of social engineering and phishing attacks continues to increase with each passing year. The same can be said about the sophistication of such scams. Today, cybercrooks operate professionally, which is clearly reflected in the fake email messages and malicious websites that they build. It is crucial to note that social engineering and phishing scams often establish entry points for a large-scale attack. For businesses, a single employee falling for such a scam could have disastrous consequences because it could quickly compromise the entire network.
Third-party vendor integrations also pose risks that should be taken into account. Often, service providers use multiple third-party integrations with their systems or apps to deliver their services to clients. Some third parties could have privileged access to the company environment or may be sub-processors of your data. If such a third-party vendor is compromised, your company’s sensitive data may be compromised as well. Evaluation of third-party vendors is an essential part of business security and should not be overlooked.
Finally, Egidijus mentioned that something as simple as misconfiguration can have disastrous consequences for any organization. Unfortunately, misconfigurations are often the result of human error and poor cybersecurity habits in general. For instance, forgetting to swap default credentials for new, strong credentials on a server system could be an opening for bad actors to abuse.
In general, Egidijus notes that for Hostinger, cybersecurity is a key component of its success.
Exploring a better way to manage user access
The Hostinger crew is acutely aware of why it is critical to ensure that passwords are treated in a secure way. Before the company adopted NordPass for internal use, it relied on another password manager. However, the previous solution fell short in a couple of ways.
Before NordPass, we used to write passwords on sticky notes. Jokes aside, sticky notes with passwords are a very bad security practice, and you should never do that. Before migrating to NordPass, we were using another vendor's password manager. But the previous password manager was not centrally managed, which meant that user management operations such as suspending, adding, or removing members could get tricky and annoying.
- Egidijus Navardauskas
Head of Cyber Security at Hostinger
Turning poor user access management into a smooth and secure experience
Egidijus notes that some password managers on the market do not provide a direct, smooth, or secure way to share passwords with individuals and can have poor vault logic. By this he means that companies have to create separate vaults for specific teams and add the required passwords manually, which can be a source of frustration, to say the least.
There are cases when credentials or secret keys need to be shared between developers and the IT department. With poor vault logic, you can't simply add the engineering team to the developers' vault, as their vault also contains other passwords which the engineering team doesn't need to access and vice versa. So you have to copy credentials from one vault to another, and it becomes quite tricky to manage all credentials, especially if, for instance, you make changes in the developers' vault but that change doesn't reflect on the engineering vault.
- Egidijus Navardauskas
Head of Cyber Security at Hostinger
When it came to choosing a new password manager for Hostinger, it was a priority to find a solution that overcomes vault logic issues and facilitates smooth user experience without compromising security.
NordPass has password owner logic, and the password owner can distribute access to credentials per group or individual. Additionally, it's possible to set up full access or read-only permissions to the credentials. In this case, credentials can be shared with specific individuals or groups, and it's easier to ensure that passwords or keys are shared with the right people only. Furthermore, if the password owner makes changes, they will be reflected for everyone. No copy-pasting is needed to other vaults as there is no vault logic.
- Egidijus Navardauskas
Head of Cyber Security at Hostinger
The NordPass effect: less password mess
As soon as Hostinger adopted NordPass Business for corporate password security and management, life got better. Well, at first employees had to get to grips with the new password manager. That wasn’t a big issue, because NordPass is designed to serve the needs of users with differing levels of IT knowledge.
Once the company started using NordPass, the Hostinger team noticed quite a few features that they liked compared to the previous solution they had been using.
Because NordPass has central management of user accounts and features like Data Breach Scanner and password health checks, it's now easier to monitor password security status and ensure that our employees are following our password policy requirements. We can also check if our employee credentials were leaked during a third-party leak. From a security perspective, these features bring additional value to day-to-day life.
- Egidijus Navardauskas
Head of Cyber Security at Hostinger