Cybersecurity threats happen – and often. It’s gotten to the point that we can read a story every day about shady characters hacking into company information.
In fact, it’s been reported that LinkedIn is a recent target. More than 100 million people are reportedly in danger of having their login information exploited. Hackers have even found ways around the encryption of that data.
In this climate, companies and organizations cannot ignore the very real possibility that their data is at risk – no matter how large or small the company. As we say at Blue Lance, it’s not a question of if a cyberattack will happen but when.
With Blue Lance’s Chief Technology Officer, Peter Thomas, we share six ways that your company can be proactive and limit the impact of security breaches.
#1 Embrace the principle of least privilege.
I’ve mentioned this before in a previous post and cannot stress it enough. Not every member of your organization’s team needs access to every database, application, or file. Your company needs to put a system in place that sets the permissions for gaining access to data.
It’s a balancing act, for sure, as you have to be sure that team members can do their jobs even with limited permissions. However, once you strike the right balance between access and security, your organization’s data will be more secure if a breach does occur. This way, if a hacker is using an employee’s credentials to try to gain access to sensitive company information, they will be limited by that employee’s privileges.
The goal here is containing the threat and stopping it in its tracks.
#2 Set tough password parameters.
People too often make terrible decisions about their passwords. With the LinkedIn hack mentioned before, researchers have discovered that people used obvious combinations like “123456” or “linkedin” or “password” at astonishing rates. If you’re using a common password, even your encrypted password won’t stay a mystery for long.
Many organizations and their employees can benefit from setting stringent requirements to ensure password strength. This may include a combination of upper and lower case letters, numbers, and special characters. Also helpful is requiring users to change their passwords often and restricting them from using previously used passwords.
#3 Enable two-factor authentication.
Two-factor authentication (also called two-step verification) is an excellent way to prevent hackers from gaining access to your accounts. When two-factor authentication is enabled, users are asked to enter their cell phone numbers as part of their account information. This way if anyone, including you, attempts to log in from a new device, a special code sent to your cell phone is needed to do so.
The idea here is that while a hacker may have your username and password, he is highly unlikely to have your phone number.
Many companies use Gmail for business or social media sites like LinkedIn, Facebook, and Twitter to recruit employees or to promote their businesses. All of these platforms have two-factor authentication, and it should be required if employees are using them for company purposes.
Email, as we know from the Sony hack, contains all kinds of sensitive company information, from financials to trade secrets. Once your emails are in the hands of hackers, the damage can be extreme.
Companies should also use this layer of protection on their proprietary accounts to ensure that only employees are accessing information from known devices.
#4 Don’t let computers – or accounts – go dormant.
At too many workplaces, there are workstations with a computer that’s logged in and is not in use by anyone in particular. These computers are vulnerable to attack because no one is paying attention.
In the same way, it is possible for dormant accounts to become the targets of hackers because they have gone unused and unnoticed by IT security.
Put protocols in place to ensure that employees log off of their computers when not at their desks, and make sure unassigned computers are logged off, offline, and monitored for security breaches. Also, if an employee leaves the company, transfer his data from his user accounts to the appropriate, secure places – and then terminate the account.
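A periodic audit makes this protocol checkable. The sketch below is an added example, not part of the original post: it reads a constructed account export and flags enabled accounts that belong to departed employees or have gone unused. The column names and the 90-day threshold are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=90)  # assumption: the article sets no threshold

# Constructed sample export; the column names are hypothetical.
SAMPLE_EXPORT = """\
username,enabled,employed,last_login
alice,yes,yes,2016-05-30
bob,yes,no,2016-05-12
kiosk-lobby,yes,yes,2015-11-02
carol,no,no,2016-01-15
dave,yes,yes,
"""


def audit_accounts(export_text, today):
    """Return {username: reason} for enabled accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"] != "yes":
            continue  # already disabled, nothing left to log in with
        if row["employed"] != "yes":
            findings[row["username"]] = "owner has left: transfer data, then terminate"
        elif not row["last_login"]:
            findings[row["username"]] = "never used"
        else:
            last = datetime.strptime(row["last_login"], "%Y-%m-%d")
            idle = today - last
            if idle > DORMANT_AFTER:
                findings[row["username"]] = "dormant for %d days" % idle.days
    return findings
```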
#5 Tap into your resources.
In addition to these immediate strategies, we encourage you to stay updated on the latest in cybersecurity. As always, we invite you to attend our monthly Cyber Houston Happy Hour. We’ll be at the Houston Technology Center in midtown Houston on June 9, 2016, from 5-7 p.m. You’ll be able to share strategies with other professionals, enjoy complimentary appetizers and refreshments, and hear from our special guest presenter, Nicholas Economidis of Beazley. You can RSVP here.
Even if you can’t join us that evening, there’s no need to go it alone. We at Blue Lance are here to answer any of your questions about credentials assessments and cybersecurity for your company.
#6 Combine your strategies.
It’s not enough to do just one or two of the measures above. Where there is a will, a hacker will find a way.
The best practice is to do all of the above and to think of cybersecurity measures as integral to operational expenses and procedures. The combination of relevant permissions, tough password parameters, two-factor authentication, attention to account activity, and a community of resources will prevent or limit the impact when your information is breached.
Umesh Verma is the award-winning CEO and driving force behind Blue Lance, the global provider of cybersecurity governance solutions. For more than 25 years, Blue Lance’s automated software solutions have been protecting digitally managed corporate assets by assessing, remediating, and monitoring security of information systems. Call Blue Lance at 1-800-856-2586 for your 25-point credentials assessment, or get social with us on LinkedIn, Facebook, or Twitter.