We’ve talked a lot recently about the growing cybersecurity threats that small to midsize firms face as attempted attacks grow in number and sophistication. It is important to make sure our systems are as safe and secure as possible. Here are 2 simple ways to get started: passwords and multi-factor authentication.
What Makes a Good Password Policy?
Passwords are the first line of defense against a cybercriminal gaining access to your email, financial information, work files, and more. Passwords must be strong, complex, and unique. If you’re like many people, you probably use the same 5 (if that many!) passwords for all your accounts. That should stop immediately. Consider using a password manager to keep track of your many passwords. There are several secure, reliable ones available to choose from.
Passwords should also be complex (including both capital and lowercase letters, numbers, and symbols) and changed on a frequent basis. At the very least, change your passwords every 180 days. At the firm level, the process that prompts each person to change their password must be automatic and enforced, with no exceptions.
Is a Password Enough?
A strong password is vital, but it’s just a first step. Of course, there are other important pieces of the cybersecurity puzzle, like anti-virus software, firewalls, encryption tools, network monitoring tools, and more. But all of those can still be bypassed by a sophisticated attack.
Take an Extra Step
In addition to users entering a password, it’s important to verify their identity. Multi-factor authentication (MFA) requires the user to enter a code or another form of authentication in addition to a password. It is not enough for MFA to be on your company’s email only. It should be extended to line-of-business applications, cloud services, and remote access systems. If a password is leaked, the second factor prevents access to your firm’s sensitive data. MFA should be enforced for all users without exceptions. All it takes is a single compromised account to wreak havoc for a firm.
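One way to check that the password and MFA rules above really hold for every account with no exceptions, as an added example that is not from the original article. The CSV layout, column names and system labels are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import date

MAX_PASSWORD_AGE_DAYS = 180  # rotation interval stated in the article
# System classes the article says MFA must cover (labels are assumptions).
REQUIRED_MFA_SYSTEMS = ("email", "line_of_business", "cloud", "remote_access")

# Constructed sample export: one row per user per system.
SAMPLE_EXPORT = """user,system,password_last_set,mfa_enforced
alice,email,2024-05-01,yes
alice,cloud,2024-05-01,yes
alice,line_of_business,2024-05-01,yes
alice,remote_access,2024-05-01,yes
bob,email,2023-09-15,yes
bob,cloud,2023-09-15,no
bob,line_of_business,2023-09-15,yes
bob,remote_access,2023-09-15,yes
carol,email,2024-04-10,yes
carol,cloud,2024-04-10,yes
"""

def audit(export_text, today):
    """Return {user: [findings]} for every account that breaks the policy."""
    findings = {}
    seen = {}  # user -> systems that appear in the export
    for row in csv.DictReader(io.StringIO(export_text)):
        user, system = row["user"], row["system"]
        seen.setdefault(user, set()).add(system)
        age = (today - date.fromisoformat(row["password_last_set"])).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.setdefault(user, []).append(f"{system}: password is {age} days old")
        if row["mfa_enforced"].strip().lower() != "yes":
            findings.setdefault(user, []).append(f"{system}: MFA not enforced")
    # A system missing from the export is unverified, so report it instead of assuming coverage.
    for user, systems in seen.items():
        for system in REQUIRED_MFA_SYSTEMS:
            if system not in systems:
                findings.setdefault(user, []).append(f"{system}: no record, MFA unverified")
    return findings

if __name__ == "__main__":
    for user, issues in sorted(audit(SAMPLE_EXPORT, date(2024, 6, 1)).items()):
        for issue in issues:
            print(f"{user}: {issue}")
```

An empty result means every listed account is within the 180-day window and has MFA enforced on all four system classes.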
It is essential to put safeguards into place to prevent cybercriminals from interfering with your business. Strong passwords plus MFA are particularly important in today’s hybrid work environment to ensure not only that a user’s device is secure, but also that the path into a firm’s network is more secure.
For more information about how to protect your business from cyberattacks, contact us.