Corporate hacking attacks continue to wreak havoc on businesses worldwide. In the past few years, data breaches at companies like Sony, Target, Home Depot, eBay and JPMorgan have resulted in hundreds of millions of compromised accounts and the theft of sensitive credit card, personal identity and Social Security information.
And that’s just scratching the surface — most hacking incidents don’t generate news coverage because the companies aren’t as well known.
The truth is, hackers target companies of all sizes. IT professionals at small to midsized companies are aware of the dangers and take measures to protect their company’s data. But company security is only as strong as its weakest link, and all too often, employees are the weak link because of poor cyber security practices. Here are seven ways to help them improve:
- Require the use of strong passwords: Since compromised passwords are frequently a gateway for hackers, it’s a good idea to require employees to use passwords that contain upper and lowercase letters as well as numbers and symbols. Help employees create passwords that are easy to recall as well as strong by suggesting that they replace letters with numbers or symbols — for example, “B@seb@11” instead of “baseball.”
- Mandate use of a different password for each secure site and frequent changes: It is important to make sure employees don’t use the same password for every site and to ensure they change it every 30-60 days. To encourage this practice, let them know that when a data breach occurs, cyber criminals often sell the information to third parties before the theft is detected. If they change passwords regularly, there’s a better chance that a new password will already be in effect when the third-party buyer tries to use the stolen one.
- Make sure mobile phones and tablets are password or PIN protected: With the rise of the BYOD trend, millions of employees use their own smartphones and tablets to conduct company business, log in to secure servers and access sensitive client or company data. And yet too many don’t bother enabling password or PIN protection on their devices, which can easily fall into the wrong hands. Require the use of a strong password on all devices employees use for business purposes to keep information safer.
- Help employees avoid falling for phishing scams: Many big data breaches have started with a so-called “phishing” scam, in which a cyber thief calls or emails while posing as a banker, merchant account official or vendor and attempts to collect login information. As IT pros know, a sophisticated scammer can create a website that looks very much like a legitimate site. Make sure employees know that it is never okay to give out account information via email or over the phone.
- Require logoff when employees leave devices unattended in the office: It’s a common practice for employees to leave browsers open when leaving their desktop or laptop unattended, but it’s extraordinarily dangerous since it only takes a few seconds for someone to use an open browser to collect login information and copy passwords. Ask employees to shut down the browser and lock their screens if they’re going to be away from their computer, even for just a couple of minutes.
- Consider deploying a password management system: The two most popular passwords in 2015 were “123456” and “password.” That’s maddening for IT pros, but the fact is, it’s tough for employees to keep track of multiple strong passwords. And if they do use strong passwords, they’re more likely to forget them and require IT’s help to regain access. A secure password manager can be a great solution. It automatically handles password creation and changes and only requires users to remember one master password.
- Provide employees with cyber safety classes: Most employees have good intentions. They don’t deliberately put company information in peril; they’re just not sure how to keep it safe. Consider training new hires on cyber safety and holding classes for current staff to make sure they know how to operate safely online. Providing employees with a manual that outlines company cyber security policies and requiring that they sign an acknowledgement form stating that they understand and will abide by the policies is a great way to reinforce the message.
Most analysts predict that the worldwide cybercrime wave will continue as more devices are connected, more users come online and more data is generated. IT professionals are doing their best to counter hackers and protect sensitive data at the corporate level.
But enlisting the aid of employees in this fight is crucial since they are on the frontlines, and focusing on passwords is essential since so many high-profile cybercrimes start with a compromised password.
By following these seven tips, you can help employees navigate the dangers more effectively and keep your company’s data safer.
Bill Carey, Vice President of Marketing & Business Development at RoboForm