According to the 2016 survey, Managing Insider Risk through Training & Culture, 66% of the IT and security professionals surveyed listed their employees as the weakest link in their security strategy. This is a serious problem when you consider that the average cost of a cyber-attack is over $12 million, and it takes 170 days, on average, for companies to detect a cyber-crime. It normally takes an additional 45 days to recover from a data breach. For many small and medium-sized businesses, a security breach is a death sentence due to these factors and the negative impact on the company’s reputation.
There are some steps you can take to make sure that you are doing your part within your company to keep data secure. The following are some best practices you should get in the habit of following.
Passwords often get overlooked or overused within the business setting, which is unfortunate, as poor password use is completely preventable. In fact, weak username/password combinations are one of the most common causes of security breaches.
It is imperative that you use a password which is complex and uses uppercase letters, lowercase letters, numbers and symbols. Password security starts with the creation of a password which will not be easily guessed or determined. If you are workshopping password ideas and want some feedback as to their effectiveness, check out this password rater.
Depending on your job, you might have to sign into multiple different websites or accounts throughout the course of a normal workday. You should always use a different username/password combination for each site. If you are overwhelmed with the idea of coming up with many different passwords, use the same root password and create slight variations of it for each website.
You should completely change your passwords every 3 to 4 months or twice a year at the absolute minimum. You will not always be aware when a password has become compromised, so it is best to get in the routine of changing them.
Malicious individuals are always devising new ways to trick people into willingly divulging their passwords. Just last month, an article was published warning about a phishing scheme in which hackers send an email from someone you know (who has already been hacked). The email directs you to what appears to be a Google sign-in page. If you enter your password in the fake sign-in, it will be sent to the hackers.
The following are the most common sources impersonated in phishing schemes:
You can use sites such as TrustedSource to verify the validity of links before you click on them.
Do your best to regularly install updates on all of your work devices. Never leave your devices unattended or unlocked. Get in the habit of locking your computer every time you step away from your desk, and don’t leave your work laptop, phone, tablet, etc. unattended in public.
If you do lose a device or have one stolen, report it immediately to your IT department, so they can take the necessary precautions to protect sensitive information. If you are working in a coffee shop or some other location that uses public Wi-Fi, do not send private information.
If you still have security-related questions, don’t hesitate to contact Partnered Solutions IT. We can perform security audits for your business to detect potential problem areas before they’re exploited.