Working from home. To some it’s paradise. To others it’s a struggle.
To security professionals (that’s us), it’s the wild, wild West.
Without the robust infrastructure of a wired office building with firewalls and other built-in security measures, your employees, your data and your reputation are hanging like longjohns on a line, waiting for any old cowboy to come riding in and swoop them away.
Recently, Solarity conducted a live community session on Cybersecurity during the pandemic, and we reckon you’ll want to know the top five things your organization can do to minimize security risks. (By the way, these work all the time, not just during pandemics.)
Saddle up, partner. We’re goin’ for a ride.
#1. Use Password Best Practices. First off, if you think you are doing a good job with your passwords because you used a meaningful word and just replaced all the vowels with numbers and special characters, we’re here to tell you that whiskey’s been watered down. Hackers have gotten savvy. If you want to protect your information properly, you’ve got to do more than that.
Switch to passphrases. Instead of using something like JohnW@yne, which, believe it or not, is very hackable, switch to a passphrase. Passphrases are strings of four or more words that are unrelated. Picklesbourbonregardlessjolt is going to be much harder to hack simply because it is so long and random, even though it has no numbers or special characters. (https://blog.1password.com/toward-better-master-passwords/)
Never reuse passwords. You need a different password or passphrase for each account you have, especially important logins such as corporate accounts, bank accounts and email. One of the most common ways people get compromised is that they sign into a message board with the same password they use for their bank or email. The message board gets hacked, and the misbehavin’ ensues. Before you flip the saloon table, we understand that the human brain is not designed for that amount of recall, and nobody wants to keep a little notebook full of passwords, either… which is why password managers were invented.
Consider a password manager. Password managers generate and store complicated passwords, pulling them up for you on demand so you never have to remember them. It’s like showing up to the gunfight with your two pistols plus a surly robot with a hundred arms and an arsenal. Some password managers, like 1Password, also protect you from using previously compromised passwords or entering the right information into the wrong website, dadgumit! While there is some concern about putting all your proverbial eggs in one basket, using a reputable password manager is unquestionably safer than not.
#2. Multi Factor Authentication. Multi factor authentication is like that big, frowning ranch hand who takes out the shotgun-wielding varmint in the general store window, saving you from an overly theatrical death. MFA protects you by requiring two or more different forms of authenticating your identity (usually your password and then a code they text or from an app). As a result, even if a hacker gets your password, he won’t be able to compromise you without that second factor. You’ll notice a lot of familiar organizations using MFA now, including email clients, banks and even social media accounts (that’s what was going on when Twitter insisted on texting that code to your phone in order to let you log in from a different computer).
Simply by using password best practices and multi factor authentication, you can save yourself, your employees, and your organization a lot of security-related grief. For three more security tips, mosey on over to Security Tips for Businesses during Covid-19 and Beyond (Part Two), where we’ll talk about patch apps, native apps and admin settings as additional security measures you can take. Solarity also offers courses on IT service management, risk management, and more.
One thing’s for sure. If you’re not taking security measures, especially now, you just gotta ask yourself one question: Do I feel lucky?
About the Authors
Wes Allen and Don Garrison, Solarity Senior Security Analysts
Christy Swift has been a writer and correspondent in the United States and Canada for over 10 years. With a degree in English and technical writing, she has a knack for making complicated subject matter digestible and even tasty. Christy regularly conducts research into the latest trends in project management to provide the Solarity Group with engaging content for its website and e-newsletters.
About Solarity
Our mission is to help people, organizations, and communities THRIVE! Our broad range of experience and knowledge in a range of different industries allows us to customize our approach to fit the situation. We work in total partnership with our clients to understand their business needs and the current environment, and then match the right amount of process to meet the culture and the project.