We’ve all become numb to the constant news about the digital threat we’re under. Not a week goes by without a major headline about a business or governmental agency that has been hacked or, worse, ransomed to retrieve its data.
The truth is, there is no perfect form of cybersecurity. Risk and vulnerabilities will always be there. But if you do these 3 things, you can avoid compromised user accounts and keep bad actors from targeting your business.
3 Things to Avoid Compromised User Accounts
#1 – Activate Multi-Factor Authentication (MFA)
MFA is a layer of security that’s easy to deploy and simple for people to understand. When you sign into a device (e.g., laptop or smartphone), the software application will typically send a text to your phone containing a code that will confirm your identity. Enter the code and you gain access. Easy, right? Other forms of authentication include biometrics like facial recognition or fingerprints.
Why is MFA so important? In part, because not many businesses use it. According to Microsoft, fewer than 10% of users actually use MFA. This is why the rate of compromised accounts for those who use MFA is less than 0.1% of the general population.
Hackers run their nefarious operations like most businesses. They want efficiency and to realize a healthy return on their investment. The reality is they don’t have to work as hard on user accounts that are easy to compromise. If you have MFA, you make it exponentially harder for the bad guys to break into your employees’ accounts. There are plenty of other fish that are easier for them to catch.
#2 – Create passwords using this intuitive methodology and use a password manager
The old thinking about creating strong passwords was that they had to be complex and changed at certain time intervals. That is certainly better than the still dangerously popular “password123”, though security experts know complex rules can be counterproductive. People write these complex passwords down on sticky notes attached to their devices or desktops, which is worse than a simpler password.
The newer perspective, however, is that passwords should be easier and more intuitive rather than tied to some arbitrary complex requirement. The key is the length of the password. It should be at least 16-20 characters in length and easy to remember – for example, “MacbookoverWindows” which is 18 characters in length.
With each character added to the password, a brute-force attack becomes exponentially more difficult. According to one password strength tool, it would take a computer about 6 TRILLION YEARS to crack this password.
Of course, this is theoretical and ignores how future advancements in large-scale computing may change that calculation. But you get the idea. If you shorten our example to “MacbookWindows” (14 characters), the time to crack the password drops to 800,000 years. So you can see the significant difference just adding a few more characters can make (a factor of 7.5 million!).
Finally, use a password manager to store and easily access these more complex passwords. Save the memorization of a complex password for the one you need to access the password manager itself.
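The length arithmetic above, as an added example that is not part of the original article: under an exhaustive character-by-character search over upper- and lower-case letters, the four extra characters multiply the search space by 52^4 (about 7.3 million), in line with the factor quoted above. It goes one step further than the article and also sizes the same passphrase as three dictionary words; the 20,000-word dictionary and 10 billion guesses per second are assumed values, not measurements.

```python
import math
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def alphabet_size(password):
    """Symbols an attacker must try per position: every character class
    the password draws on, plus any characters outside those classes."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    extras = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extras)

def char_space(password):
    """Candidates in an exhaustive character-by-character search."""
    return alphabet_size(password) ** len(password)

def growth_factor(shorter, longer):
    """How many times larger the search space of `longer` is."""
    return char_space(longer) // char_space(shorter)

def estimate(password, words, dictionary_size=20_000, guesses_per_second=1e10):
    """Compare two attacker models. dictionary_size and guesses_per_second
    are assumed values for illustration, not measurements."""
    word_space = dictionary_size ** words  # attacker combines whole words
    return {
        "alphabet": alphabet_size(password),
        "char_bits": math.log2(char_space(password)),
        "char_years": char_space(password) / guesses_per_second / SECONDS_PER_YEAR,
        "word_bits": math.log2(word_space),
        "word_seconds": word_space / guesses_per_second,
    }

if __name__ == "__main__":
    # The two passwords discussed in the article.
    print(growth_factor("MacbookWindows", "MacbookoverWindows"))
    for key, value in estimate("MacbookoverWindows", words=3).items():
        print(f"{key:>13}: {value:,.1f}")
```

The gap between the character-based and word-based figures is why a long passphrase should be built from several unrelated, randomly chosen words rather than a short recognisable phrase.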
#3 – Train your employees
Employee awareness efforts cannot be emphasized enough. Employees are the single biggest vulnerability in your business. According to Verizon, human error caused 85% of all cyber data breaches in 2021.
While you can (and should) employ a wide variety of technologies, modifying human behavior may yield one of the larger returns on your security investment. Though employees may be one of your biggest vulnerabilities, that risk can be reduced significantly through awareness, training and making vigilance a part of your company’s culture.
Invest in a learning management system (LMS), such as QuickHelp, that has trackable, self-guided learning tracks in cybersecurity in addition to productivity training for applications in the Microsoft Office Suite. These are low-investment tools that yield big returns.
Conduct regular phishing campaigns to test the efficacy of your training efforts so you can determine who may require additional training. The goal is to train, not shame, your employees.
What’s the secret to effective cybersecurity?
There are many layers of vulnerability in organizations, from logging into an application to protecting the physical devices that connect your employees to each other and the internet. Effective cybersecurity policies are comprehensive and should add as many layers of protection as the business requires and the budget allows.
What you want to make sure you do is stay ahead of the bad guys. They are looking for easy marks. Consider these steps a “cyber vaccine” of sorts to protect your business. The statistics indicate that if you take these actions and make it harder for a hacker, you are exponentially safer.
Get a big bang for your security buck by doing these 3 things now to avoid compromised user accounts in your business.