Keeping your business safe is a process, not a project. There are no definitive start or end dates, just a constant awareness and vigilance needed to keep up with today's sophisticated security threats. While many of the recent breaches like Yahoo and LinkedIn have focused on the impact on consumers, rather than businesses, it doesn't mean that it can't happen to a company, big or small.
In the interest of efficiency and productivity, poor security behaviors can quickly creep in and derail even the best-laid plans or render oversight controls essentially useless. Perhaps no example better illustrates this problem than the issue of poor password management. From an employee perspective, the process of creating and remembering strong and unique passwords is cumbersome, so they generally avoid it. However, failing to educate employees about the risks of weak passwords, or allowing them to reuse those passwords for multiple access points, leaves the company vulnerable to significant threats.
Understanding employee password behavior and educating employees on the potential risk they present to the company at large is critically important when it comes to strengthening a company's security posture. In an effort to do just that, we recently conducted a survey of thousands of consumers across the globe on the subject of password creation and management. We found that 75 percent of respondents considered themselves informed on password best practices, yet 61 percent admitted to using the same or similar password across accounts. Additionally, more than a third of respondents said they create more secure passwords for personal accounts than they do for work accounts. In other words, they understand, or at least claim to understand, the risks, yet often ignore them in favor of speed and convenience. They are also more vigilant about the safety of their personal accounts than about the passwords they create for work-related information.
As cyber attacks continue to increase in scale and frequency, business owners should take the time to evaluate their online security policies. Remember: your company is only as strong as your least-informed, most insecure employee. Are you doing everything you can to protect the company from an attack? Below are four tips to help you get started strengthening your business's security today:
Set up password strength requirements
This sounds like a no-brainer, but many companies still don't enforce password strength requirements, which means their employees are using simple, insecure passwords. Or they stop at telling employees what they should do, but don't actually have a way to verify that employees are doing it. As a company, you should require employees to create lengthy passwords that include upper and lowercase letters, numbers, and special characters. You can also block people from using their first or last name, the company name, or even 'password' in their passwords. But go beyond that, and give your employees tips, such as using passphrases that don't really make sense but are easy to remember.
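One way to verify these requirements at the moment a password is set, shown as an added example that is not part of the original article. The 12-character minimum, the function and class names, and the sample employee and company are assumptions made for illustration.

```python
import string
from dataclasses import dataclass

MIN_LENGTH = 12  # assumption: the article says "lengthy" but gives no number


@dataclass(frozen=True)
class Employee:  # hypothetical record; real data would come from the HR directory
    first_name: str
    last_name: str


def _normalize(text: str) -> str:
    """Lowercase and drop punctuation/spaces so 'Pass-Word' still matches 'password'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def policy_violations(password: str, employee: Employee, company: str) -> list[str]:
    """Return every rule the candidate password breaks (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "an uppercase letter": any(c.isupper() for c in password),
        "a lowercase letter": any(c.islower() for c in password),
        "a number": any(c.isdigit() for c in password),
        "a symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"missing {name}" for name, present in classes.items() if not present]
    # Blocked terms named in the article: first name, last name, company, 'password'.
    blocked = {
        "first name": employee.first_name,
        "last name": employee.last_name,
        "company name": company,
        "the word 'password'": "password",
    }
    squashed = _normalize(password)
    for label, term in blocked.items():
        needle = _normalize(term)
        if needle and needle in squashed:
            problems.append(f"contains {label}")
    return problems


if __name__ == "__main__":
    staff = Employee("Dana", "Okafor")  # constructed sample data
    for candidate in ("Dana2024!", "purple-Tractor-sings-47-lemons"):
        print(candidate, "->", policy_violations(candidate, staff, "Example Corp") or "accepted")
```

Run the check on the plaintext candidate before it is hashed and stored, and show the returned list to the employee so they know which rule to fix.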
Establish levels of access
Not everyone needs access to every account and file. For those accounts with the company's most sensitive information, take the time to evaluate who needs access to them. Only delegate access to those who truly need it, and regularly re-evaluate that list. If someone on that list leaves the company, make sure they are removed and no longer have access, and change the log-in credentials.
Require two-factor authentication
Enabling two-factor authentication on your company accounts is one of the best ways to keep your sensitive information safe because it requires an additional step before logging in. Users must provide a second piece of information - whether it's a code, or a temporary password, or the swipe of a finger - before the account can be accessed. Turning on this secondary step will only add another layer of security for your business.
Educate, train and remind
Many employees may think they understand how to keep themselves and their company data safe; however, our recent survey found that 47 percent of respondents included easy-to-find personal information such as family names or initials when attempting to create their passwords. This makes them easy targets for anyone with personal knowledge of the employee or with access to social channels. Security teams must continue to educate employees on what it means to have a secure password. This means not only creating a unique password for every online account, but also knowing how to securely share passwords with co-workers.
In order to truly improve the condition of your company's security, you must alter the way your employees see their role in the process. Increased vigilance on the importance of password management can go a long way in reducing your threat level as an organization. Make sure your employees are aware of what they can do to help.