Employee credential risk is high and often avoidable
Companies are learning, sometimes the hard way, that no matter how much they spend on IT security, their own employees can still “leave the back door unlocked” and allow hackers in. As a result, companies are beginning to understand the importance of educating their employees on cyber security in order to mitigate this vulnerability. The key vulnerability: employee credential risk. It turns out the most common source of data breaches is compromised credentials, according to data security analysts.
And no matter how robust your data security is, stolen credentials represent a huge security risk that can lead to a breach of even the most protected systems. Educating employees and updating a few company policies can go a long way toward protecting your organization’s data.
Here are our top five tips for educating employees on cybersecurity and on mitigating employee credential risk.
5 Tips for mitigating employee credential risk
Limit access to pre-authorized personnel.
Too many companies fail to rein in access to their in-house systems. Instead, think critically about who really needs access to your organization’s most sensitive data and systems, and limit access to those users who actually need it. Remember, if credentials are stolen, the hacker can only get into what the employee they were stolen from is authorized to access. Access control can really improve your security efforts.
Prompt regular password changes.
How often are your staff prompted to change their passwords? The more critical the system or data that is being accessed, the more often they should. Industry practice is commonly to require a change every 45 or 90 days. By setting a standard of changing passwords regularly, you improve your organization’s data security because any stolen passwords will fail to work after the reset timeline.
Require complex and long passwords.
Business leaders who don’t require staff to choose complex passwords leave the door open to risk. Establish company protocols requiring that all passwords be complex. The best passwords are not obvious or recognizable words or phrases, and they incorporate numbers, symbols and letters in both upper and lower case. In addition, they should be long enough to make it nearly mathematically impossible for “brute force” software to guess them via an algorithm. Typically, this will require a complex password of at least eight characters.
Educate staff about the steps they can take.
Train staff regularly on security awareness. Make sure they know about phishing attacks and how to spot one in their email inbox, understand security policies and best practices, and know how they should handle and control access to sensitive information. By teaching staff not to use public computers (not to mention to avoid clicking the “remember password” prompt), never to write down passwords and leave them at their workstation, and not to misuse access rights, you’ll protect your company for the long haul.
Partner with an IT management team.
Find an IT management team who can help you stay abreast of the ever-changing threats in the digital space; someone like Locknet Managed IT, who can proactively monitor your company’s data and threats to your security as well as provide effective training to your employees.
Does employee credential risk threaten your security?
When data security matters—and these days, when doesn’t it?—it makes sense to put security systems and training in place to ensure that your employees are aware of their responsibility to protect the company’s data and systems. Educating employees on cyber security and using the additional tips above can make all the difference in warding off a data breach.
Locknet Managed IT can help your business quickly identify credential breaches and arm your employees with the knowledge they need to recognize risky situations and act accordingly. Contact a Locknet Account Executive at 844.365.4968 to learn more about Locknet’s Dark Web Monitoring and Security Education and Awareness Training programs. With just a couple of simple solutions in place, Locknet can help you better protect your credentials from being at risk.