Following on from our last article, we’re going to be covering three more crucial cybersecurity areas and providing cybersecurity tips for employees.
Username & Password Management
Although it should be common sense, employees need to avoid the use of passwords that are easy for hackers to guess. Among the top ten worst passwords, according are those that use a series of numbers in numerical order, such as “123456.” The names of popular sports such as “football” and “baseball” are also on the list, in addition to quirky passwords such as “qwerty” and even the word “password” itself. Emphasis should also be placed on the importance of avoiding common usernames.
How Attackers Exploit Weak Passwords
While most websites don’t store actual username passwords, they do store a password hash for each username. A password hash is a form of encryption, but cybercriminals can sometimes use the password hash to reverse engineer the password. When passwords are weak, it’s easier to break the password hash.
Here is a list of common word mutations hackers use to identify passwords if they feel they already have a general idea of what the password might be:
- Checking all combinations of upper/lowercase for words.
- Capitalising the first letter of a word.
- Inserting a number randomly in the word.
- Placing numbers at the beginning and the end of words.
- Replacing letters like “o” and “l” with numbers like “0” and “1.”
- Punctuating the ends of words, such as adding an exclamation mark “!”
- Duplicating the first letter or all the letters in a word.
- Combining two words together.
- Adding punctuation or spaces between the words.
- Inserting “@” in place of “a.”
Tips to Strengthen Password Cybersecurity
- Change passwords at least every three months for nonadministrative users and every 45-60 days for admin accounts.
- Use different passwords for each login credential.
- Avoid generic accounts and shared passwords.
- Conduct periodic audits to identify weak/duplicate passwords and change them as necessary.
- Pick challenging passwords that include a combination of letters (upper- and lowercase), numbers and special characters (for example, “$”, “%” and “&”).
- Avoid personal information such as birth dates, pet names and sports.
- Use passwords or passphrases of 12+ characters.
- Use a password manager such as LastPass where users need just one master password.
- Don’t use a browser’s auto-fill function for passwords.
An advanced security technology to consider is two-factor authentication. After the end users log in, they receive a text message with a passcode to authenticate their ID. This approach ensures that end users not only know their passwords but also have access to their phones.
Mobile security is an increasing concern as more and more companies adopt Bring Your Own Device (BYOD) environments, which allow end users to connect to corporate networks through their own (often multiple) devices. Businesses must secure these personal endpoint devices that are not completely under their control, and therefore, pose greater risks.
Employees who utilise unsecured public Wi-Fi are another area of concern. Hackers in the vicinity of or on the same network can overtake a device and capture sensitive data in transit. The end user can then become the victim of a man-in-the-middle attack, also referred to as hijacking. The hacker leverages the device so that it turns into an invasive device against other unsuspecting end users.
How Employees Can Secure Their Mobile Devices
- Set a PIN or passcode
This is the first line of defence. If someone wants to access the device, they first need to break the code. Some device manufacturers also provide the option to automatically wipe the device after a few unsuccessful attempts.
- Use remote locate tools
Several software solutions help locate lost or stolen devices through GPS and geofencing capabilities. Apple offers a service like this for mobile devices named “Find My iPhone.” For Android users, the Android Device Manager offers a similar service.
- Keep devices clean
Today’s mobile phones are essentially mini computers, and they need to be cleaned up from time to time. Utilizing an antivirus and malware scanner is always a good idea.
Secure Website Browsing
When end users venture out onto the Internet, it’s easy to get tangled up in the vast web of threats. Some threats are readily apparent, but others are well hidden. Malvertising is a form of malicious code that distributes malware through online advertising. It can be hidden within an ad, embedded on a website page or bundled with software downloads. This type of threat can be displayed on any website, even those considered the most trustworthy. Another website browsing threat involves social media. According to an article in The Huffington Post, some of the most common Facebook hacks and attacks include clickjacking, phishing schemes, fake pages, rogue applications, and the infamous and persistent Koobface worm. Twitter isn’t immune to security issues either.
Website Browsing Best Practices for Employees
- Be conservative with online downloads.
- Interact only with well-known, reputable websites.
- Beware of antivirus scams.
- Confirm each site is genuine.
- Determine if the site utilises SSL (Secure Sockets Layer), a security technology for establishing encrypted links between web servers and browsers.
- Don’t click links in emails. Go to sites directly instead.
- Use social media best practices.
The Value of an MSP in Ensuring Employee Cybersecurity
Partnering with a Managed Services Provider (MSP) that focuses on IT security solutions can bolster your cybersecurity defences. This is especially true when it comes to employee training. All the tools and solutions in the world can’t protect your business from human error. Viruses can also do serious harm to information, so consider IT Provider who can provide complete endpoint management. Endpoint technology scans downloaded apps and devices for any threats and provides a heads-up if malicious activity is detected.
Strengthening your business’ cybersecurity posture begins with educating your employees. The tips provided within this article can go a long way in making sure sensitive information does not fall into the wrong hands. In today’s world of advanced hackers, your confidential information is at risk, but a comprehensive cybersecurity defence can stack the odds in your favour.
Let’s talk about your needs and how we can help!