When was the last time you talked about IT security basics with your employees? The conversation about IT security should always include reminders about the importance of unique and strong passwords. IT security best practices implemented by your managed IT service provider are a strong line of defense against potential cybercrime, but it doesn’t matter how fortified the castle is if someone opens the door and lets intruders walk right in.
People who are trying to gain access to your business accounts, information and network intend to steal, do damage or both. They seek to collect confidential information, compromise the integrity of your systems and data, or control access to your network and accounts to serve their illegitimate purposes. Attacks from outside your organization aren’t the only ones to consider. Unauthorized access to information and accounts by employees can unfortunately be fueled by similar motivations and have similar results.
Social engineering is a popular buzzword in IT security, but it’s just a different way of saying that a con job is in action. One form of social engineering is phishing, a common form of manipulation that plays on people’s trust. Emails appear to be coming from people in authority or familiar organizations and guide the victim to fake web pages where they are asked to input their credentials. Other phishing methods install malicious software when the recipient opens an attachment or clicks on a link in an email. Some types of malware record actions that are taken on the computer and send the information back to the intruder. Brute force attacks are automated attempts to log in with a series of possible usernames and passwords.
Your IT security best practices should include guidelines for how employees should respond when someone asks for their network or login credentials over the phone. The caller may impersonate the company CEO or other person in authority, or claim to be from a technology company like Microsoft, or your own IT support company. Hackers have even been known to give instructions to people who unknowingly compromised their data and systems by helping them open the door.
Unauthorized access to sensitive corporate data from inside your company can occur when employees have inappropriate permissions for their job role, or abandoned accounts are not fully secured. Terminated employees may also still be able to get to company accounts if their accounts are not disabled or passwords changed. The practice of having passwords on a sticky note is like putting your keys out in the open so that anyone can come and unlock your door.
Here are some password guidelines to follow that will help keep the doors locked to intruders: