World Password Day reminds organizations to get security basics right
Today is being celebrated as World Password Day, an observance that reminds all organizations of the critical importance of getting basic IT security steps right.
It is no secret that hackers have been out in full force these last couple of years, as evidenced by the huge attacks on Target and Equifax that exposed the personal data of millions of customers. As a result, cybersecurity has been at the top of everyone's mind, as the threat of a massive breach is too great to ignore.
Despite this supposed greater awareness, businesses ranging from McDonald's to Yahoo are being breached and leaking the personal data of billions of customers into the ether. This, in turn, creates an uneasy feeling in the back of our minds, as we never know when we will be exploited criminally.
The question arises: What can we do to stop the threats?
For many organizations, the answer is a return to the security basics. Below are some best practices your company can use to limit the risk of a breach and mitigate the damage in case of one. These strategies are not complicated, but they require diligence from every member of an organization so that a breach becomes less likely to happen.
1. Strong Password Policy
This is the most important aspect of cybersecurity and is the most overlooked in many organizations that prefer ease-of-use over security. A strong password policy can prevent the most heinous of hacks in which the offending party has legitimate credentials for your organization.
When this type of attack happens, the only thing you can do is shut down your systems as fast as you can and wait to see the totality of the damage. That is why this is the most dangerous hack, and it can be totally avoided by having a strong password policy. A good policy encourages the use of a password manager, complex passwords of 16 or more characters, and 2-factor authentication. Next to having a secured distributed network, this is your best option.
These combine into a policy that will greatly reduce the chance of a credential-based hack. Though it may seem laborious, it really is the only way to save your company from an incredibly damaging attack.
2. Encrypt Everything
IT administrators everywhere know all about encryption and limiting access to file locations and software. Now, as a result of increased cybersecurity concerns, everyone must become aware of and proficient in encryption. One of the first things to do is restrict port and drive access on all computers.
With the obvious exception of the administrator, employees should not be able to use their flash drives or CDs on computers anywhere inside your organization. This is a common point of attack for hackers, as they can penetrate through firewalls easily by inserting software through either a disk or flash drive.
Once compromised, the node can spread the virus or program to every node connected to that same intranet. This can structurally weaken the entire network and bring down important safety protocols. That is why it is imperative that you encrypt the file systems and the ports on all thin clients and personal devices.
3. Have Clear Communication
It is imperative in any organization to communicate with one another efficiently and across departments. This communication is key to smooth operations and can be easily compromised by a hacker that intercepts any email. Hackers can spoof addresses and pose as prominent members of an organization in order to siphon information and access root servers.
They will also call posing as internal members of an organization using spoofed phones. This is why your company’s communication policy must be clearly stated and difficult to break.
Do not leave room for anyone to be faked, and have simple guides that can be followed everywhere. An employee who doesn't know better may believe that the IT admin needs their password to access their paycheck. It doesn’t make sense, but when authority is involved everything changes. That is the social expectation that is exploited by hackers regularly.
However, at an organization with clear communication policies, employees would know that high-level management only communicates at a certain time or verifies all communication over the phone. Whatever the policy is, having a defined communication expectation will assuage the fears of an exploited employee.
Whether you are a Fortune 500 company or a mom-and-pop shop, cybersecurity is necessary and essential for all members to learn. All that is needed for a good policy to offset most hacks is a strong password policy, encrypted files and ports, and clearly defined communication standards.
It's really easier than it sounds and can save your company from irreversible damage that can expose your customers. Do not let your company fall into disrepair due to laziness or ignorance. Learn everything you can about cybersecurity and implement it right away as the threat increases daily. You do not have to fall victim to malicious hackers. Become educated and use due diligence to fight back against cowardly hackers.