5 tips for protecting your company’s accounts

Organizations are prioritizing cybersecurity in 2022. The Enterprise Strategy Group’s Technology Spending Intentions survey revealed that 69 percent of businesses are increasing their security budget.
The key areas flagged for investment include digital forensics, response strategies, and staff training. Human error is a common denominator in the majority of cybersecurity incidents, making training an important element in any security budget.

All too often, the basic principles of good digital hygiene are not adequately met, which puts company accounts at increased risk.

These five tips help mitigate the risk. All are easy to implement and, in many cases, free.

Avoid common passwords

Even CEOs and other members of the C-suite fall into the error of using common, well-known passwords. Research reported by Mashable shows that CEOs tend to favor unsafe codes including ‘qwerty’, ‘123456’, and even the abysmally insecure ‘password’.

Not only are these among the world’s most common passwords, but they are also among the easiest to hack. Studies show that the majority of passwords in frequent use can be cracked in under a second with advanced software.
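
As an added example (not part of the original article), the sketch below shows one way to screen a proposed password when it is set, rejecting the passwords named above along with simple variants of them, such as added capitals, character substitutions, or a trailing year. The denylist contents beyond those three passwords, the substitution table, the 8-character minimum, and the function names are assumptions made for illustration.

```python
import re

# Constructed denylist for illustration. The first three entries are the
# passwords named in the article; a real deployment would load a much larger
# list of known-breached passwords.
COMMON_PASSWORDS = {"qwerty", "123456", "password", "letmein", "admin", "welcome"}

# Substitutions people commonly apply to make a weak password "look" strong.
LEET_MAP = str.maketrans(
    {"@": "a", "4": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "7": "t"}
)


def candidate_forms(password):
    """Return the normalized forms of a password to compare with the denylist."""
    lowered = password.lower()
    # Drop trailing digits and symbols: "qwerty2022!" -> "qwerty".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    forms = {lowered, stripped}
    # Undo character substitutions: "p@ssw0rd" -> "password".
    forms |= {form.translate(LEET_MAP) for form in (lowered, stripped)}
    return forms - {""}


def screen_password(password, min_length=8):
    """Return (accepted, reason) for a proposed new password."""
    hits = candidate_forms(password) & COMMON_PASSWORDS
    if hits:
        return False, f"matches common password '{sorted(hits)[0]}'"
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["password", "P@ssw0rd1!", "Qwerty2022", "123456",
                   "correct horse battery staple"]:
        accepted, reason = screen_password(sample)
        print(f"{sample!r:32} accepted={accepted} ({reason})")
```
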

Use multi-factor authentication

Multi-factor authentication is one of the best ways to protect business accounts because if one account security measure is compromised, there is still another layer of protection.

Authentication options include passwords, biometric security such as facial recognition or fingerprints, SMS verification, and one-time log-in codes. There are pros and cons to each option and the best combination will depend on each business’ needs and operations.

Limit BYOD culture

BYOD (Bring Your Own Device) has become more common in recent years. But is it good for business?

Despite its potential for Capex savings, no. And it may be far costlier in the long run.

BYOD culture can make your company vulnerable to data breaches and cyberattacks, which can cost your business thousands of dollars in lost productivity, revenue, and reputation. In addition, BYOD means less control over what happens with data stored on each device, and less insight into how data is being used.

Limit access whenever possible

Carefully consider who has access to which accounts. Access privileges should be monitored and assessed on a regular basis. Although most cybersecurity incidents are the result of a malicious third party with no connection to the company, there have been notable incidents when a disgruntled employee has handed sensitive account information to threat actors.

In 2020, Christopher Dobbins, a former employee of a medical device packaging company, broke into the business’ computer systems, enabled admin access, and then removed more than 100,000 records. The result was significantly delayed PPE deliveries.

Insider threats come in two forms: malicious (such as the case above) and negligent. The latter involves human error, something threat actors know is exploitable.

Staff training

Regular and ongoing staff training, which includes the C-suite, is the best way to ensure basic digital hygiene practices are being followed. Training helps limit the risk of breaches caused by malware and phishing attempts. It can also involve training staff to use security tools properly.

Many security incidents are avoidable, and many are the result of basic measures being ignored. Even as the threat landscape evolves, attending to these basics remains an important element of any cybersecurity strategy.

Rajani Baburajan