Organizations sometimes fail to consider the true risks that insiders pose to their cybersecurity. Yet internal risks are every bit as dangerous and damaging as external ones, even when there is no malicious intent.
Find out if any of these top 5 insider threats are occurring in your business today!
We continue our Security Awareness Training by addressing some of the most common challenges for organizations that have suddenly found their workforce remote, many with outdated or no “best in breed” password policies.
Our focus will be to help you better understand the risks of not using strong passwords and policies, and the actions that can be taken to reduce the risk of the associated cybersecurity incidents, hacking attempts, viruses and malware. We will also provide recommendations to help mitigate these threats. Let’s get started!
Let’s begin by addressing the “why” behind using passwords.
Passwords are the most common way to prove your identity when accessing systems, websites, email accounts, and devices. The use of “strong” passwords and policies is critical to protecting an individual user’s identity, as well as the security of the network, systems, customers, and even the other users on a network. A “weak” password policy can be THE single point of failure that brings down a system or even an entire corporate network. Our goal here is to clarify the difference between “strong” and “weak” password practices.
If you (or someone you know) have not changed a password for more than 90 days, keep passwords on a Post-it note attached to the monitor or desk, or use something like password1234, please review this!
“Strong” Password Policies
Whether a password is created by a person or a system, use at least eight characters. The more characters you use, the less likely your password will be hacked.
Complex: Use the entire ASCII set for passwords. Lowercase, uppercase, numerals and symbols should all be part of your password. A wider set of characters makes a password harder to guess, and the risk of your password being hacked decreases further when passwords are longer and use a greater mix of characters such as uppercase, numerals and special characters.
Uniqueness is key: Do NOT re-use passwords across services. It's recommended to use a different password for every system you use, including your social media and bank accounts. Uniqueness requirements prevent hackers from using a stolen password to access other accounts.
Use a password manager: Complex, unique passwords are more secure, but they are difficult to remember. Using a password manager is a great way to store and access complex passwords without having to remember them all. Our corporate LinkedIn page has a list we released a few weeks ago that includes several cost-effective solutions, should you wish to use one of these.
Passphrases are another way to make complicated passwords easier to remember. Using a phrase like (but not the same as) “MymoMisTHEbestIN2020!” lets you follow these guidelines with something more memorable than random numbers and symbols.
Two-Factor Authentication: Use two-factor authentication (or 2FA) whenever you can. There are many ways in which passwords can be hacked. With two-factor authentication, even if a password is hacked, a hacker cannot enter an account without the second authentication factor. This could be biometric data (fingerprint, retinal scan, etc.), a key fob, or something like Google’s Authenticator. These 2FA services create sequences of random numbers or symbols in a separate application or send them directly to another device of your choice. The codes usually time out and randomly change to provide an additional level of authenticity.
Implementing these “strong” password strategies can greatly reduce the risk of unnecessary password hacks, breaches of corporate data, identity theft, and even damage to your reputation as a business.
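The length, character-mix and uniqueness rules above can be checked automatically. The following Python sketch is an added example, not part of the original article: it reports which rules a password breaks and estimates how the brute-force search space grows with length and character pool. The function names and the `used_elsewhere` parameter are assumptions made for illustration.

```python
import math
import string

MIN_LENGTH = 8  # minimum length stated in the article

# Character classes the article asks for (printable ASCII).
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numeral": string.digits,
    "symbol": string.punctuation + " ",
}


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def search_space_bits(password):
    """Upper bound on brute-force work: length * log2(pool size).

    Only meaningful for randomly generated passwords; dictionary words and
    predictable patterns are guessed far faster than this bound suggests.
    """
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0


def policy_violations(password, used_elsewhere=()):
    """Check a password against the article's rules; empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    present = classes_used(password)
    for name in CLASSES:
        if name not in present:
            problems.append(f"no {name} character")
    if password in used_elsewhere:
        problems.append("already used on another service")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the first two strings appear in the article.
    for pw in ["password1234", "MymoMisTHEbestIN2020!", "Ab1!"]:
        print(f"{pw!r}: {search_space_bits(pw):.0f} bits, {policy_violations(pw) or 'OK'}")
```

The bit estimate shows why both length and a wider character pool matter: each extra character adds log2(pool size) bits, and each extra class enlarges the pool.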
We hope this has been helpful. Please continue to look for our follow-ups in the Security Awareness series, with topics to include remote connectivity, recognizing a threat, backup and more!
PCS Managed Services strives to provide a Stable, Secure, and Productive environment for its clients, and is here to help you! Please call us or email us at firstname.lastname@example.org for more information on how we can better protect you while working remotely.