IT is crucial to your business operations, so it is vital that you make every effort to protect your systems and data from being breached by cybercriminals – or lost by careless users. The 2015 State of the Endpoint Report by Ponemon found that 78% of IT managers regard users who do not follow security procedures as the biggest risk to corporate systems. So how can you raise security standards further?
Enforce password security
The average user has at least 19 passwords to remember between home and work accounts. Many use this as an excuse for duplicating their login details across them all. Unfortunately, this means that if their personal Facebook account is breached, their network logon ID for work is breached too.
Introduce a strong password requirement for all user accounts. Also consider implementing two-factor authentication to provide an additional layer of protection when your business is using cloud solutions like Microsoft Office 365. You could also suggest that staff invest in a secure password manager like 1Password to help them manage 19+ unique passwords automatically.
Warn about WiFi
An increasingly mobile workforce is heavily reliant on WiFi availability to remain productive – but some wireless networks are not what they seem. Hackers will sometimes install “free” WiFi hotspots in public places and then monitor the traffic passing through them, capturing passwords and other sensitive information that can be exploited for profit.
To avoid this problem, all traffic coming from mobile devices needs to be encrypted – that way it cannot be “read” even if it is captured. IT managers need to ensure that every laptop, tablet and smartphone that connects to the company network is secured with VPN connectivity, for automatic encryption of the entire information flow.
Tighten your phone security
One of the most effective ways to obtain sensitive logon details is to simply call an employee and ask for them. Brazen hackers will often pretend to be “from IT” and ask workers for their logon details so they can perform routine maintenance or similar. By handing over their logon, these users are effectively granting hackers permission to access the network.
The solution is to implement a verification system to ensure that calls from IT are genuine. You will need to arrange some kind of passphrase that your IT provider can use to confirm their identity when calling the office, to prevent impersonators from fooling your staff.