Passwords aren’t enough for small business security

From Target to Sony Pictures, security breaches at businesses of all sizes were in the headlines throughout 2014. We are only in February but the data breach stories show no sign of abating.

Whether it’s a specific hacking attack on a British shoe retailer or hacktivism at companies with millions of online members, the loss or compromise of passwords is frequently the common factor.

Ever since they emerged in the late ’90s, passwords have been our primary security measure. Fast forward to today and we often find that employees are still routinely using the same style of basic password – except now these passwords are required to protect smartphones and tablets carrying sensitive company-related data, as well as social media and cloud-based applications used regularly in the workplace.

It’s clear that conventional password use is no longer fit for purpose in the 21st century, and businesses must adopt additional measures to ensure their passwords are up to the task.

Extra levels of authentication are needed to verify the identity of employees using their passwords, and businesses should start to enforce these as standard within their organization, especially if they have bring your own device (BYOD) policies in place.

AVG has created this short eBook to help you develop a BYOD policy that fits your business:

 
In my view, many of the user identity breaches reported in the news could have been prevented with better password practices and stronger, multi-factor authentication methods.
 

Five top tips for more effective password management in 2015:

 

  1. Make sure security measures include formal staff training on password best practice. Passwords need to be strong, long and as secure as possible – complicate them by using “passphrases” rather than individual words – e.g. rather than “spotthedog” use “5p0tth360g”.
  2. There is no harm in turning on “two-step authentication”. Most services now offer this, and it is a simple code-based system that sends you a numeric password by SMS/text to secure your login credentials.
  3. Create a single profile for all corporate log-ins, with segmented privileges for individual employees within the same profile. This way, when someone leaves the company, they can be removed automatically.
  4. Some mobile phones now provide both identity and access management capabilities. Encourage employees to adopt these and incorporate them as part of your BYOD policy.
  5. To aid productivity, make it easier for employees to work anywhere, anytime with mobile technology by moving to a single sign-on environment where every employee has one-click access to a secure area in the cloud containing all of their work accounts and applications.

 

This constant flow of data breach stories in the media has done much to raise awareness of the issues around passwords. Education is positive, of course, but action must be taken to foil the hackers.

If your business is supported by a mobile workforce equipped with either work or personal devices which provide ready access to company-sensitive systems and information, ask yourself that important question: what password practices do I need to implement to keep those devices and that data secure?

Don’t take it for granted that your people have the knowledge to handle this themselves. Instead make sure you equip them to help protect your company.
