What is your organisation’s biggest threat today?
Companies today face a multitude of different threats. Brexit, economic worries and currency fluctuations are all on most entrepreneurs’ minds. Many of these are beyond our control; however, there is one area where logical steps can mitigate the risk faced – IT Security.
IT Security is often overlooked by companies today, not necessarily on purpose, but because there are often too many other things going on to spend the time and focus on the areas that may need attention. 88% of UK businesses faced a data breach last year, according to techradar.com. Many of these data breaches can be easily avoided by spending just a little bit of time taking an inward look into your business, finding flaws, and fixing them.
“Humans are the biggest weak points in most companies”
It may sound funny, but when you stop to think about it, it makes sense. Companies these days are not usually hacked using elaborate techniques. They have breaches because employees are unaware of what a phishing email is. Phishing emails are designed to trick users into thinking that an email has come from a trusted organisation, e.g. a bank, cloud provider, or social media network – when in fact it has come from someone trying to steal login credentials.
There are ways to identify phishing emails, and we will go into that in our next post. However, there are other ways you can ensure that damage is limited if one of these breaches does occur.
- Enable 2-Factor Authentication across all online services.
2-Factor Authentication involves using a second device (such as a mobile phone) to authenticate a user. This means that if their password is stolen, an attacker cannot gain access to the user’s account without a code generated from that user’s phone. With this feature enabled across all online services, an attacker cannot use the same password to try to gain access to different platforms.
- Don’t allow users to keep the same password across services.
In some cases (it’s becoming rare) some services don’t offer 2FA login, or it may be impractical for some reason (it should be a very good one!). Regardless, it is good practice not to use the same password across multiple services, as once that password is leaked, or stolen, it is very easy for attackers to try that password on a multitude of different online services.
- Educate your employees, and have processes in place (that everyone is aware of) for when a breach does occur.
If an employee does fall for one of these tricks – it happens, quite a lot – they shouldn’t be punished. Try to encourage a culture of ‘sh1t happens and that’s okay’, as long as they report it to your IT Support company or IT Support department as soon as possible, and as a matter of urgency. Often phishing sites are left online, collecting data, without somebody monitoring them 24×7. This means that there is usually a small window of time in which the user account is still unaffected. It’s during this time that your IT company can ensure that the required passwords are changed across affected platforms, ensuring that the attackers never get time to try to log in.
Has your company been affected by a data breach? Do you have a plan in place for when a breach inevitably does occur? Ask Office 21 about our IT support and IT security services; we are always happy to have a chat about your processes – firstname.lastname@example.org – 08444 10 2330.