An opinion piece by Thibaut Behaghel, International Products Specialist, LastPass (LogMeIn).
Hackers allegedly posed as Microsoft employees to steal passwords from British MPs. The success of this attack is reportedly the result of human error. The incident showed that even senior officials can be vulnerable, and that people are often the weakest link in cybersecurity.
Employees are generally unaware of online security issues and do not realize that they are putting their business at risk. Yet, although organizations must do everything they can to avoid risk, a balance must also be found. If security becomes a constraint on employees' daily tasks, they will be less likely to observe best practices in this area. Worse, they could try to circumvent the security measures in place, which would entail even greater risks.
Here are 5 tips to help companies make their employees their first line of defense.
1. Define basic password requirements
When it comes to creating passwords, people tend to settle for the minimum required, and the workplace is no exception. It is therefore important to define requirements for minimum length and complexity. The use of "simple" passwords (dates of birth, pet names and recurring number sequences such as 123456) should also be strongly discouraged. Finally, IT teams should require that any new password be different from the old ones, and that passwords be updated at regular intervals.
2. Enable two-factor authentication across all accounts
In addition to strong passwords, organizations should also enable two-factor authentication (2FA) globally. Users are then required to present an additional credential, such as a fingerprint or a one-time password, in order to access their accounts. With this layer of protection, even if a hacker managed to steal a password, they would not be able to log in to the account. In addition, this approach protects credentials from password discovery tools, and helps to limit damage in the event of successful phishing attempts. More and more organizations are attracted by the benefits of 2FA and are implementing it extensively as part of more comprehensive security policies.
3. Manage user access
Whether you have 5 or 500 employees, only the right people need access to the right information. Sensitive data should be shared with as few individuals as possible, and a protocol should be in place for any employee who wishes to access an account for which they do not have credentials. Companies should also design a system to track the passwords of individual accounts and list which employees have access to which accounts. This approach not only ensures that passwords are managed correctly, but also makes it clear which ones to update when an employee leaves.
4. Issue guidelines for the use of personal devices
As remote work becomes more common, employees increasingly use their personal devices for work. The professional and personal spheres are more mixed than ever, and employees therefore want to be able to use their services freely. Although there are many benefits for both employees and the company, this practice also carries risk. For example, if employees access corporate data via a public wireless network, they will unknowingly expose their business accounts. Organizations must therefore educate their employees about the risks associated with the use of their personal devices in the workplace.
5. Create a formal strategy
Finally, companies should develop a formal security strategy encompassing all of the above tips, as well as any other security information that employees should be aware of. The basis of this cybersecurity strategy is to recognize that people are just as important as technology. Employees, whether new or existing, should be trained regularly to be aware of potential risks, and to learn how to help minimize their company's exposure to potential threats. Lastly, the strategy put in place must not be perceived as a chore. To that end, gamification can be used to stimulate employee engagement and make the training fun and open to everyone.