Your company’s cybersecurity measures are only as strong as their weakest link – the human factor. Even the strongest and most thought-through policy will only get you so far if you don’t invest in training your employees and teaching them the best practices. Unless told otherwise, they may assume it’s the IT department’s job alone to protect systems and passwords. There’s a whole lot you can teach yourself and your employees in this regard, starting with the following:
- Be On The Lookout for Phishing Emails
Today, computer literacy is widespread, but many people still don’t know what a phishing email is. Once you know more about them, these scam emails are much easier to spot.
The scammer usually poses as a voice of authority. In most cases, they demand sensitive personal information from the victim, such as their login credentials. In other variations of the scam, the emails lead to fraudulent login forms. These forms imitate the look of the real websites, but in reality they are nothing more than a tool for siphoning usernames and passwords.
Every employee’s gut reaction should be to double-check the source of the email. If someone tries to masquerade as one of the superior-ranking officers in the company, it’s best to ask that officer in person before proceeding. But no matter what you do, you should never, ever hand out any passwords in this manner. A real administrator can access your account without needing to know your password, so they will never ask.
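One way to automate part of that double-check is sketched below, as an added example that is not part of the original article. The company domain, the executive names and both sample messages are constructed assumptions; the code flags a senior officer's display name on an outside address, a Reply-To that points elsewhere, and failed sender authentication.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"             # assumption: your organisation's mail domain
EXECUTIVES = {"dana reyes", "sam okafor"}  # assumption: names likely to be impersonated

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def source_warnings(raw_message):
    """Return the reasons to verify the sender before acting on the mail."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    warnings = []
    # A familiar name proves nothing: only the address domain is compared.
    if display.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        warnings.append("executive display name on external address")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        warnings.append("Reply-To domain differs from From domain")
    # Authentication-Results is written by the receiving mail server.
    auth = (msg.get("Authentication-Results") or "").lower()
    if any(f"{check}=fail" in auth for check in ("spf", "dkim", "dmarc")):
        warnings.append("sender authentication failed")
    return warnings

# Constructed sample: look-alike domain, diverted replies, failed SPF.
SPOOFED = """\
From: "Dana Reyes" <dana.reyes@examp1e-mail.test>
Reply-To: payments@collector.test
To: staff@example.com
Subject: Urgent: confirm your password
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e-mail.test

Please reply with your login details.
"""

# Constructed sample: the same person writing from the company domain.
GENUINE = """\
From: "Dana Reyes" <dana.reyes@example.com>
To: staff@example.com
Subject: Team meeting
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass

See you at 10.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, source_warnings(raw))
```

An empty result only means none of these three signals fired; a password request still warrants asking the sender in person.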
- Consider What Hackers May Be Interested In
Depending on the nature of your business, hackers can attempt to get different things out of messing with your cybersecurity defenses. Don’t think only in terms of money and bank account login credentials.
For instance, some companies may need to inspect a scan of their customers’ government-issued ID to stay compliant with all the regulations. Imagine the disaster that would ensue if this data ever leaks out into the open – not to mention the dangers of identity theft. Due to hefty legal fines, loss of reputation would be the least of your problems.
It’s advisable to use encryption on all devices and files that contain sensitive data. Use 256-bit encryption that supports different lengths of keys to have plenty of flexibility. In any case, encrypting essential files acts as another layer of security. It will protect you even if the hackers get a hold of your main computer.
- Encourage The Use of Varied Passwords
Instruct your employees to use unique passwords and never share them with anyone. At the very least, avoid using default passwords and update them as soon as possible. Otherwise, all a hacker has to do is look them up, which could take less than a minute.
When creating a secure password, the usual applies. Avoid making it easy to guess or having it contain any personally identifiable information a hacker can research. Your home address is a no-no. Passwords should be lengthy and contain capital letters, special symbols, and numbers. It’s also a good idea to avoid reusing them and to change them every couple of months.
- Stress The Importance of Keeping the Passwords Private
Keeping the passwords safe from non-employees is common sense. Storing them only in an encrypted form, for instance in a password manager for work, is a bit less so. Many employees need dozens of passwords for different services and devices. They can end up writing them down on a sticky note, or in plain text somewhere digitally. This leaves the passwords vulnerable to hacking attempts.
The only way to keep passwords secure and private is to encrypt them. You can create a text file with all passwords and encrypt it. But having a password manager is a much more convenient option. Plus, they come with robust algorithms like XChaCha20 encryption (https://nordpass.com/features/XChaCha20-encryption/), which beats most of the usual file encryption services either way.
- Wipe The Data From Old IT Equipment Before Discarding It
Much to some people’s surprise, data wiping is not the same as data deletion. The former is done on a more thorough level compared to the latter.
What does it have to do with password security? Simple. Whether it be passwords or other sensitive information you wouldn’t want to fall into someone else’s hands, data wiping ensures that no bits and pieces stay on the hard drive. To do this, you could either use specialized software or hire a professional.
The workplace is not a playground. Every day, all sorts of sensitive data are at stake. It’s everyone’s responsibility to take appropriate measures to protect it. If you happen to be a manager, it’s your job to ensure that the employees understand it and follow the best practices.