When it Comes to Security, Two Factors are Better Than One
- Published by admin
- March 5, 2018
The password isn’t nearly as secure as it used to be. Hackers have begun to take advantage of extremely powerful solutions designed to brute force their way into accounts by using software to rapidly guess thousands of passwords per second, making it extraordinarily difficult to prepare yourself for them. What’s the best way to guarantee that passwords aren’t going to be the downfall of your company? A great start is by taking a close look at password best practices and two-factor authentication.
To get started, let’s review the best practices for creating a password. These include the following:
- Use complex passwords: Your passwords should always be a complex string of letters, numbers, and symbols, including both capital and lower-case letters. Try to keep them as random as possible, without including any specific words or phrases if you can help it. This reduces the chance that your password will be guessed by a hacker.
- Use different passwords for each account: If you use the same password for every single account you have, you run the risk of one password exposing multiple accounts to hackers. Using multiple complex passwords can make them difficult to remember, however, which leads us into our next point.
- Use a password manager: If you’re following password best practices, you’ll notice that remembering passwords is difficult–especially when they are all different and complex. A password manager can store your passwords in a secure vault for access when they are needed, allowing you to use complex passwords at all times without needing to remember them. It sure beats writing down passwords in a Word document or elsewhere, and it’s much more secure than doing so. There are even password managers for businesses that let employers dish out certain credentials to staff in a safe, secure way.
While password best practices are important to ensure maximum security for your accounts, they’re often not enough to secure your business. Hackers are always trying to find new ways to crack even the most powerful of passwords. This is where two-factor authentication comes in. A hacker might be able to replicate the password, but can they also replicate the second credential needed for access?
Two-factor authentication works by using a device or email account as a secondary credential for accessing an account or network. The obvious example is a smartphone, which can receive an SMS text message with a code needed to log into an account. Others might have codes sent to secondary email accounts. Either way, the point is that these types of credentials can only be received by the holders of the device, which is much more difficult for a hacker to take advantage of. There are even some types of two-factor authentication that utilize biometrics and near field communication technology (NFC), allowing for even more complexities that hackers will sigh and shake their heads at.
If your business needs to protect sensitive data, two-factor authentication is definitely one line of defense you will need. Catalyst Technology Group has a solution for you. To learn more, reach out to us at (317) 705-0333.
With Great Power Comes a Greater Security Risk, Study Finds
- Published by admin
- June 22, 2017
Every user on your network adds an additional level of risk, whether it be risk of user error, making a mistake that causes a data breach, or worse. One would assume that a company’s biggest risk would come from an untrained employee that disregards security policies, but surprisingly, that’s not always the case. Research has shown that a company’s CEO along with the rest of its C-level executives are the greatest security risk.
There are multiple factors that go into this. Take for instance the sheer amount of sensitive data that a CEO has access to. Whereas an average employee may just have access to data pertaining to their job or their department, a CEO generally has carte blanche to access any data they desire.
Then there’s the fact that CEOs typically have a poor work-life balance. This means that they put in way more hours than the average employee. You don’t have to be an expert in risk assessment to understand that a user accessing a company’s network 60, 70, or even 80 hours each week is a far greater risk than a user that only accesses the network 40 hours per week.
Both of these factors contribute to another reason why CEOs make for such a large security risk: the mobile devices they carry. In an effort to always be connected to the office, a CEO’s mobile device may have unfettered access to company records and sensitive information–more so than an average employee’s personal device.
In the case of an employee that has separate mobile devices for their work and personal life (often a luxury that CEOs can’t enjoy), the risk of data leakage or a breach resulting from the device getting lost or stolen goes down dramatically. CEOs, on the other hand, aren’t restricted to the office, and this mobility increases the risk of being hacked outside the office, especially when it comes to using their mobile devices in venues that offer public Wi-Fi, like coffee shops, cafés, conference centers, airports, etc. Hackers know this and they go to great lengths to make public Wi-Fi hotspots traps for unsuspecting users. This is why CEOs should be wary about accessing public Wi-Fi, and why it’s preferable that CEOs even avoid public Wi-Fi altogether (unless they are using a secure VPN to access all of their data).
A 2017 security report by iPass confirms this risk of cyber-attacks at popular Wi-Fi hotspots. The report ranks the riskiest public venues as follows.
- Coffee shops and cafés, 42 percent.
- Airports, 30 percent.
- Hotels, 16 percent.
- Exhibition centers, 7 percent.
- Airplanes, 4 percent.
How much time do your company’s C-level executives spend doing business from these locations? The more business that’s done using Wi-Fi at these locations, the more of a risk an executive or even a mobile employee is to your organization.
Finally, CEOs are in a category unto themselves when it comes to another risk: CEO whaling scams. This is where scammers spend time researching the lives and motivations of CEOs so they can specifically target them with scams from a variety of sources, including email, phone calls, traditional paper mailings, and whatever other means they can use to get in contact with a CEO. This is an extremely dangerous scam because, unlike traditional scams like spam messages where the same message gets sent to thousands of people (and it’s often easy to recognize that it’s a scam), a CEO whaling correspondence is personalized to play on a CEO’s deepest fears and desires. For the scammers that go after CEOs like this, the effort is worth the time investment, due to the simple fact that CEOs make for such lucrative targets.
So, there you have it. CEOs are one of a company’s biggest security risks. For your business, this means you’ve got to take additional measures to ensure the protection of your C-level executives. Generally speaking, the same security plan and policies that work for the average employee won’t cut it for an executive, which is something you need to take into account when coming up with your company’s security and BYOD policy. Need help protecting your company’s data? Give Catalyst Technology Group a call today at (317) 705-0333.