Tip of the Week: 3 Things You Can Do to Keep Your Business’ IT More Secure
With many businesses’ increased reliance on their information systems and other IT, they need to do everything they can to keep those systems up and running and secure. This includes not only rolling out security systems that support that goal, but also taking the action necessary to keep these systems secure. Let’s look at four things you need to do to keep your business’ IT as secure as possible.
Promote Strong Password Practices
Many users are just not as savvy as most organizations need them to be about their passwords. In fact, many of the most popular passwords used today are still “password” and “123456”. Even if your people are more deliberate about their password practices, many of them choose passwords that could be easily guessed if someone had knowledge about that person’s personal life. This can be a major detriment to any organization’s attempts to keep their IT secure. Here are some tips that you can use to create strong and reliable passwords:
It stands to reason that longer passwords are harder to guess than shorter ones. It’s been proven that passwords that are at least 12 characters long are more apt to be secure than not. The problem with longer passwords is that they are more easily forgotten and result in significant downtime. A good strategy is to create easy-to-remember passphrases with random words and a combination of upper and lower case letters, numbers, and symbols. For example, a password of “elephantredfootball” will usually be secure, but one written as “3l3ph@ntr3df00tb@ll” is even more secure.
Lots of people will use the same password for every account. This couldn’t be more dangerous. Think about it: if you use the same password everywhere and one account is cracked, every account where you use that password is now compromised.
Use Software Tools
There are plenty of tools designed to help people keep their accounts safe. Password managers can be a good resource for people who use long or randomly-generated passwords. These platforms use encryption to ensure that all logins and passwords are secure, and they can cut down on password-related problems that cause downtime and unwanted IT support costs. Another tool that can help organizations keep their accounts secure is multi-factor authentication. Most platforms provide options that add an additional layer of security in the form of an authentication code sent through an authentication app or a separate email or text message. By using randomly-generated codes from a multi-factor authentication system, you can do more to ensure that the people who access your organization’s network-attached files and cloud services are authorized to do so.
Train Your Staff
One of the biggest issues for organizational IT security has to be threats coming in from outside your organization. These typically come in the form of phishing attacks. A phishing attack can come in on any platform including phone, email, text message, or even social media. There are over three billion phishing emails sent every day, and that isn't even taking into account all the other attack vectors. These messages come in with the intention of getting an unwitting or distracted employee to engage with them. Once this happens, nothing good comes of it. Scammers will use this social engineering technique to gain access to protected accounts, deploy malware of all types, and disrupt an organization’s workflow. This is why it is imperative to train your staff on how to identify phishing attacks and what to do when they inevitably encounter one.
The phishing message will typically look like it comes from a person or organization that has some semblance of authority. Scammers like to pose as financial institutions, insurance companies, even executives and managers inside a company. Many will ask recipients to click on a hyperlink or download an attachment. Either action could be dire for an organization’s technology. Let’s look at some characteristics of phishing messages that every organization needs to train its employees on:
Demand Immediate Action
Most phishing attacks are structured to create fear and anxiety in the recipient. This typically gets people to make impulsive decisions. The best action is to verify anything suspicious before interacting with a message like this.
Include Unprofessional Spelling Errors and Grammatical Faux Pas
Many phishing messages are developed by people whose first language isn’t the recipient's language and include demands, spelling errors, and grammatical errors that no professional correspondence would include.
Come From Unrecognizable Accounts
Many phishing messages may initially look legitimate when you look at the account they come from. The more legitimate these messages seem, the more effective they are. Consider the email address or account these messages come from before clicking on any links or downloading anything from the email.
Keep Your Software Updated
Phishing may get most of the attention, but one of the attack vectors hackers use most is infiltrating networks through software vulnerabilities. Most enterprise software is continuously being developed to ensure that it is a secure product. If an organization doesn’t have a patch management program where its applications are updated regularly, hackers can use any software vulnerabilities to gain unauthorized access and wreak havoc on its network.
If your organization uses a lot of applications, it may seem like keeping everything patched is a full-time job. That’s why using automation to ensure new patches are added regularly is important. You will also want to test every patch to ensure that your software solutions function as designed. This includes frequently updating antivirus tools, firewalls, and spam filters.
There are plenty of solutions and strategies that you can use to keep your business’ network and data secure. If you would like to have a conversation about cybersecurity and how to deploy some tools and strategies that can work to that end, give ISC a call today at 502.292.5097.