3 Things You Can Do to Avoid Compromised User Accounts

Business Value, Security, Tech Trends and Tips

3 Things You Can Do to Avoid Compromised User Accounts
We’ve all become numb to the constant news about the digital threat we’re under. Not a week goes by without a major headline about a business or governmental agency that has been hacked or worse, ransomed to retrieve their data. 

The truth is, there is no perfect form of cybersecurity. Risk and vulnerabilities will always be there. But if you do these 3 things, you can avoid compromised user accounts and keep bad actors from targeting your business. 

3 Things to Avoid Compromised User Accounts 

#1 – Activate Multi-Factor Authentication (MFA) 

MFA is a layer of security that’s easy to deploy and simple for people to understand. When you sign into a device (e.g., laptop or smart phone), the software application will typically send a text to your phone containing a code that will confirm your identity. Enter the code and you gain access. Easy, right? Other forms of authentication include biometrics like facial recognition or fingerprints. 

Why is MFA so important? In part, because not many businesses use it. According to Microsoft, less than 10% of users actually use MFA. This is why the rate of compromised accounts is less than 0.1% of the general population for those who use MFA.   

Hackers run their nefarious operations like most businesses.  They want efficiency and to realize healthy return on their investment.  The reality is they don’t have to work as hard on user accounts that are easy to compromise. If you have MFA, you make it exponentially harder for the bad guys to break into your employees’ accounts. There are plenty of other fish that are easier for them to catch. 

#2 – Create passwords using this intuitive methodology and use a password manager

The old thinking about creating strong passwords was that they had to be complex and changed at certain time intervals. That is certainly better than the still dangerously popular “password123” though security experts know complex rules can be counterproductive. People write down these complex passwords on sticky notes attached to their devices or desktops which is worse than a simpler password.  

The newer perspective, however, is that passwords should be easier and more intuitive rather than tied to some arbitrary complex requirement. They key is the length of the password. It should be at least 16-20 characters in length and easy to remember – for example, “MacbookoverWindows” which is 18 characters in length. 

With each character added to the password, the ability for a brute force hack becomes exponentially more difficult. According to one password strength tool, it would take a computer about 6 TRILLION YEARS to crack this password.  

Of course, this is theoretical and ignores how future advancements in large scale computing may change that calculation in the future. But you get the idea. If you shorten our example to “MacbookWindows” (14 characters), the time to crack the password drops to 800,000 years. So you can see the significant difference just adding a few more characters can make (a factor of 7.5 million!). 

Finally, use a password manager to store and easily access these more complex passwords. Save the memorization of a complex password to the one you need to access the password manager too.

#3 – Train your employees 

Employee awareness efforts cannot be emphasized enough. Employees are the single biggest vulnerability in your business. According to Verizon, human error caused 85% of all cyber data breaches in 2021.  

While you can (and should) employ a wide variety of technologies, modifying human behavior may yield one of the larger returns on your security investment. Though employees may be one of your biggest vulnerabilities, that risk can be reduced significantly through awareness, training and making vigilance a part of your company’s culture. 

Invest in a learning management system (LMS) such as QuickHelp, that has trackable, self-guided learning tracks in cybersecurity in addition to productivity training for applications in the Microsoft Office Suite. These are low-investment tools that yield big returns. 

Conduct regular phishing campaigns to test the efficacy of your training efforts so you can determine who may require additional training. The goal is to train, not shame, your employees. 

What’s the secret to effective cybersecurity? 

There are many layers of vulnerability in organizations from logging into an application to protecting the physical devices that connect your employees to each other and the internet. Effective cybersecurity policies are comprehensive and should add as many layers of protection as the business requires and the budget allows.

What you want to make sure you do is stay ahead of the bad guys. They are looking for easy marks. Consider these steps cyber vaccine of sorts to protect your business. If you make it harder for a hacker, the statistics indicate you are exponentially safer if you take these actions.  

Get a big bang for your security buck by doing these 3 things now to avoid compromised user accounts in your business.  

 

Related Topics 

How Important is Security to Your Business 

How Employees Can be Your Biggest Threat 

Security Risk Assessments 

The Resource Hub

Get Complete Managed Services Insights

Visit our Resource Center for up-to-date news and stories for technology and business leaders.

8 Critical Priorities Your IT Needs to Nail 

8 Critical Priorities Your IT Needs to Nail 

,

If you’re a business owner or leader, you know how important it is to have a reliable and effective IT partner that can help you achieve your goals, keep your workforce productive while maintaining a safe and secure network environment.  But how do you know if your IT partner is really delivering on their promises and meeting your expectations? How do you measure their performance and value? ...

Applied Tech Recognized on the CRN MSP 500 List for 2023

Applied Tech Recognized on the CRN MSP 500 List for 2023

March, 2023 – Applied Tech has been named to CRN’s Managed Service Provider (MSP) 500 list for 2023 in the Pioneer 250 category. This annual list recognizes North American companies with innovative approaches to managed services that support customers with the ongoing complexities of IT solutions while optimizing operational efficiencies and systems to maximize return on investment. The Pioneer...

Wisconsin State Journal Names Applied Tech a Winner of Madison’s Top Workplaces 2023

Wisconsin State Journal Names Applied Tech a Winner of Madison’s Top Workplaces 2023

Madison, Wisconsin, March 26, 2023 - Applied Tech has been awarded a Top Workplaces 2023 honor by Wisconsin State Journal Top Workplaces for the second year in a row. The list is based solely on employee feedback gathered through a third-party survey administered by employee engagement technology partner Energage LLC. The confidential survey uniquely measures 15 culture drivers that are critical...

Applied Tech and Platte River Networks Partnership Creates “Strategic IT Powerhouse” for Small and Midsize Businesses

Applied Tech and Platte River Networks Partnership Creates “Strategic IT Powerhouse” for Small and Midsize Businesses

Blockbuster merger expands team and expertise, bringing more knowledge, services, and technical specialization to local growth-minded businesses nation-wide MADISON, Wis. & DENVER--(BUSINESS WIRE)--Two of the IT channel’s top-performing, celebrated managed service providers (MSPs) – Applied Tech and Platte River Networks have partnered to become an MSP superpower serving businesses...

Three IT Service Techs Working

Move Forward with IT Services for Business

Use managed services for small and mid-sized businesses that help you reach your goals.

Work With Us