If a robber wants to break into a house, he’s probably going to avoid the home with alarms, a double-bolted door, and the “Beware of Dog” sign. For computers, the thought process is similar—hackers rarely attempt to breach well-protected data, simply because there are easier targets. However, if your 12-year-old leaves the door to your house wide open—or if a coworker invites a hacker into your office—all the security in the world won’t matter. Once a thief has gained access to your important documents, he can do whatever he wants with them.
So, does that mean we have to revoke outside privileges for all 12-year-olds and never let visitors enter the office? Nope. But it does mean we have to rethink how we’re protecting our data. If we’re not protecting it, we’re leaving it open to attack; it’s not a matter of whether an attack happens, but when.
If you’re looking for ways to fortify your data and important files, consider implementing the following:
MFA – Multi-Factor Authentication
Most basic security plans feature an identifier (e.g., your username) and a verification prompt, such as a password. However, these two details are rarely enough to protect your data. Passwords can be easily guessed (pro tip: if your password’s a variation of “password,” change it!), and if someone sees you typing your username, you’ve given them half the information they need to impersonate you.
In order to make it harder for hackers to obtain your login information, many companies utilize MFA, or multi-factor authentication. You’re probably already familiar with some form of MFA, be it Twitter’s login verification or Facebook’s 2-step verification. MFA requires additional verification that only you can provide, thus making it an easy way of showing your company, “Hey, it’s actually me!”
MFA verification factors can be something only you’d possess, something only you’d know, or something you are. For instance, in line with the house analogy, MFA might require a literal key; it could also ask a security question or prompt you for your fingerprint. Companies that utilize MFA’s additional verification features are 90% more secure. Conversely, companies that don’t use MFA are going to look a lot more tempting to a hacker.
SSO – Single Sign-On
OK, MFA sounds great, but it’s going to require a lot of time, right? You’ll have to retype your password, always hold onto your key, and fill out the same security question over and over… unless you have SSO. SSO, or single sign-on, allows you to access all your accounts through a single sign-on portal. To go back to the house analogy, SSO is kind of like a remote that allows you to unlock your door, turn off your alarm system, and give Fido a treat all at once. (Honestly, the house analogy doesn’t quite work here, because SSO is more practical than your conventional home security unit.)
SSO encourages productivity by cutting down on time required to fill out your verifications. It increases security by requiring less password memorization, which also decreases the likelihood of you writing down your password and having it stolen.
SSO, combined with MFA, basically creates a fortress to fend off attackers. And if you have the choice between a house with no locks or a fortress with a giant moat and palisades, which are you going to choose?
Security Awareness Training
There’s one final component to cybersecurity that we could write several articles on. It’s perhaps the most important element of cybersecurity: training your employees. In the original house example, you did everything you physically could to keep out a robber, but 12-year-old Billy didn’t know any better and forgot to lock the door. Similarly, if Bob from Accounting uses his badge to gain access to your office, and then politely HOLDS THE DOOR FOR THE STRANGER BEHIND HIM, he’s just allowed a potential threat to enter your company and rummage through your files. There’s such a thing as too polite, Bob, and it often translates to unsafe.
Ultimately, an employee is a company’s biggest security risk, and educating employees about cybersecurity best practices is the smartest way to protect your business. Because hacking attempts are continually becoming more sophisticated, annual computer-based training (CBT) is necessary to keep employees up to speed on new threats. Additionally, companies should frequently test their employees with mock phishing emails in order to ensure they’re staying diligent.
When implementing security for your home, you only choose the most efficient, most practical safety measures. Your company files deserve the same treatment. So, build up your fortress and train your employees, and you’ll be prepared for the next attack.