In today’s online world, the traditional “username and password” approach to account security can often present an easy point of access for cyber criminals – leaving personally identifiable and financial data vulnerable. In just March and April of this year, IBM X-Force observed a more than 6,000% increase in COVID-related phishing attempts. As phishing attacks continue, it’s important to educate employees and businesses on the necessity of practicing better online security. Need to have this conversation with your team? Use our tips below to ensure employees are better protecting your business.
Require Complex Passwords
The most common way hackers break into computers is by guessing passwords. Simple and commonly used passwords allow intruders to gain access to a device and control it. Nearly everyone knows that creating a strong password is important, but how many people in and outside of the cybersecurity and technology realm are actually complying? A strong password should be consistently updated, too. Every 30 to 90 days is ideal. Password reuse is another common problem: never use the same password for two or more devices.
In Case You Need a Refresher – What Makes a Strong Password?
- Contains at least ten characters
- Has a combination of characters including upper-case and lower-case letters, numbers, unique symbols and punctuation
- Is never written down
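The rules above can be checked automatically when passwords are set or reviewed. The following is an added example, not code from the original article: it applies the ten-character and character-mix rules, the 90-day upper limit on password age, and the no-reuse-across-devices rule to a constructed list of device credentials. The function names, device names and dates are assumptions made for illustration.

```python
import string
from datetime import date

MIN_LENGTH = 10     # "at least ten characters"
MAX_AGE_DAYS = 90   # upper end of the 30-to-90-day update window

def complexity_gaps(password):
    """Return the strength rules from the list above that the password fails."""
    gaps = []
    if len(password) < MIN_LENGTH:
        gaps.append("shorter than 10 characters")
    classes = {
        "upper-case letter": str.isupper,
        "lower-case letter": str.islower,
        "number": str.isdigit,
        "symbol or punctuation": lambda c: c in string.punctuation,
    }
    for name, test in classes.items():
        if not any(test(c) for c in password):
            gaps.append("no " + name)
    return gaps

def audit(credentials, today):
    """credentials: list of (device, password, last_changed) tuples.
    Returns {device: [findings]} for every device with at least one finding."""
    seen = {}    # password -> first device found using it
    report = {}
    for device, password, last_changed in credentials:
        findings = complexity_gaps(password)
        if (today - last_changed).days > MAX_AGE_DAYS:
            findings.append("not changed in over 90 days")
        if password in seen:
            findings.append("same password as " + seen[password])
        else:
            seen[password] = device
        if findings:
            report[device] = findings
    return report

# Constructed sample data for illustration; not real credentials.
SAMPLE = [
    ("laptop", "Tr4il-Mix!Oak7", date(2020, 5, 1)),
    ("phone", "Tr4il-Mix!Oak7", date(2020, 5, 1)),
    ("router", "admin2020", date(2019, 11, 1)),
]

if __name__ == "__main__":
    for device, findings in audit(SAMPLE, date(2020, 6, 1)).items():
        print(device, "->", "; ".join(findings))
```

A check like this belongs at the point where a password is chosen, since that is the only time the plain-text value should be available to compare.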
Make Use of Multi-Factor Authentication
Multi-factor authentication is the use of two or more independent factors to validate the identity of a user accessing an application or service. The most common form of multi-factor authentication is two-factor authentication which often pairs your first factor (typically a password) with a second factor such as a device (smartphone or ID badge). The different types of authentication factors are:
- Something You Know
  - Security Question
  - Personal Identification Number (PIN)
- Something You Have
  - Smartphone or Device
  - Badge/Smart Card
- Something You Are
  - Retina Scan
  - Facial Recognition
  - Voice Verification
With MFA, a compromise of just a single factor will not unlock an account, and it is very unlikely that someone will also have your second (and third) factor. MFA should be used whenever possible to protect against phishing and hacking because it immediately defuses the threats associated with a compromised password.
Even with more difficult passwords and MFA, don’t forget to remind your employees that the basics of cybersecurity are still important and relevant. The most effective cybersecurity plan includes educated and aware team members. Ready to improve your security perimeter? We partner with Cisco, so ask us about getting started with Cisco Duo and any of our additional security products. Contact us today.