By: Clay Miller, CTO, SyncDog
With each passing headline that screams of yet another company hacked, municipality breached, and healthcare system network rendered inoperable, it has become evident to executive leaders that organizations’ data security is a company-wide concern, not just the IT team’s responsibility.
An Evergreen Cybersecurity Pitfall
Protocols are only as good as the person following them. Around 50% of companies acknowledge that employees are their top cybersecurity threat. Human factor vulnerabilities are most often caused by a lack of security knowledge and training, and occasionally by insider threats. The NSA learned this lesson the hard way with Edward Snowden. There is no surefire workaround for human error, but there are steps that can be taken to enforce security protocols and build a strong security culture.
Use Enforceable Security Protocols
Because employee behavior (including mistakes) is hard to predict, the best protocols for protecting corporate data are those that can be technologically enforced. As far as tools and methodologies go, businesses can expect the most bang for their buck by implementing password resets across any and all logins for assets such as email servers, network IDs, and software tools.
Caveats of Passwords
Password reuse across logins is a compounding factor that increases risk. The longer a password is in use, the higher the probability it can be compromised. Unfortunately, reuse and not changing passwords frequently enough are both common practices for the average user. If an employee’s personal email password is compromised, it is very easy for the attacker to go through all other accounts they can locate and try the same password, including associated business accounts.
Steps Towards Password Hygiene
Enforcing mandatory password resets across all organizational logins at set intervals mitigates some of the aforementioned risks. Combined with strong password requirements, it can be an important part of an overall security strategy. When it comes to mobile security for companies with a BYOD policy, sandboxing corporate data from employees’ personal data within an encrypted workspace, such as Secure.Systems, adds an extra layer of protection. With all your company’s major productivity applications in one spot, your employees will just need one password to get to work!