Email is easily one of the most-used communications in business today. Do your employees know how large of a responsibility they have to your business’ security just by using email? In order to prevent unfortunate security blunders (aka: “human error”), you need to make sure you and your employees know a few best practices when it comes to handling email securely. ActiveCo takes pride in ensuring our end user base receive monthly security awareness training through our managed consulting services.
Yes, it can be annoying to have to enter a password everywhere, and yes, it can be hard to remember a different one for every account. However, your employees need to know why they have to deal with these annoyances, and why they can’t just use their pet’s name with the year they graduated and call it a day.
The fact of the matter is, too many people want to do just that: significant personal detail, significant number, password done. Cybercriminals know this, and are more than willing to put in the time and effort to find out about one of your employees if it gets them access to a bigger prize. Using social engineering tactics and studying what they can of online activity, these criminals can gain a significant amount of information about your employees (or even you) with relatively little effort.
ActiveCo says: This is a large part of why new compliance regulations are being implemented across Canada, USA, UK, Australia and most major countries around the world.
Without better password practices put in place, hackers could deduce the password of someone in your organization… especially if the email password is reused repeatedly to gain access to other facets of the business.
If remembering x-amount of different passwords is a concern, we suggest speaking with your team and implementing a password manager, a program specifically designed to protect passwords and reduce the number that have to be recalled.
Depending on how your company deals with email, for example, if you are using Outlook, your employees probably aren’t typing in their email passwords very often, if at all. This puts the email password even further from top of mind, but it’s important to remember that these passwords need to be changed regularly and kept secure.
2FA, or “Two-Factor Authentication”
What’s more secure than a password? Two passwords! – or at least, a password and an additional code that is generated when an account is being accessed. This is how 2FA works – in addition to their usual password, an employee needs to provide a generated code (usually obtained via their mobile device) in order to access an account. As a result, a hacker who happened to steal some passwords from some database somewhere still wouldn’t have enough information to access your accounts–and because the second piece of authentication is delivered by some other means, like a number generated by an authentication app on the user’s mobile device, the hacker would have that much harder of a time obtaining that as well.
However, assume that nearly every form of authentication is either under attack, or already hacked. Scammers have ways to tricking people into revealing their information, including getting access to the unique PINs and codes mentioned above.
Please reach out to ActiveCo if you have any concerns, or misunderstandings about how to best secure your business environment for mobile devices.
Clicking What Shouldn’t Be Clicked
Phishing attacks can be effective against any level of an organization – an intern could mistakenly let in a threat, as could the president or CEO…and anyone in between.
These threats are often known as phishing scams, as the attacker simply casts out their net and waits for someone to take the bait. These scams often leverage emails that include links to quite convincing facsimiles of the site the link purports to direct to. Unfortunately, this only makes phishing a bigger threat.
Another favorite attack like this that cybercriminals like to use is to include a good, old-fashioned virus in an attachment. If you aren’t expecting an attachment in an email, don’t click it! In addition, it always helps to run a quick virus scan if you aren’t sure.
For help in running these scans and maintaining your security, or with any other IT questions you may have, you can always turn to the professionals at ActiveCo Technology Management. Reach out to us by calling 604.931.3633.