Common workplace practices could be inadvertently threatening the security of your corporate information; spotting and stopping them is key to protecting your data.
At this point, we don’t need to tell you how important your corporate data is, and you’ve probably implemented some hefty security solutions to ensure it stays out of the clammy hands of those who would like to see harm come to your brand.
What we do need to say is this: human error is still a significant factor in data breaches, and firewalls can’t make up for poor security practices. Every single day, individuals and organisations take part in risky behaviour that puts their data in the firing line. Recognising and curtailing those behaviours is key to ensuring your security measures are airtight. How many strike you as being familiar?
1. Poor Password Practice
If you’ve kept up with the annual ranking of the world’s worst passwords, you’ll know that over 80% of data breaches happen because of poor password practices. Hackers know that the way to an organisation’s corporate information is via its user identities, and passwords offer the skeleton key that unlocks the door to your data. Several organisations have pretty much left that door unlocked by using easy-to-guess passwords such as “Password,” “User,” and “Admin.” Needless to say, these organisations were breached, resulting in reputation damage, hefty fines, and a lot of explaining to do.
Furthermore, a study by password manager LastPass found that 95% of respondents shared up to 6 passwords with other people and 59% were regularly re-using passwords. What’s worse is that 61% of respondents said they were more likely to share work passwords than personal ones. Weak passwords are also pretty common, with “123456,” “123456789,” “qwerty,” and “password” making up the top 4 most used passwords of 2019.
Addressing password fatigue and poor practice means considering new ways of logging in for your employees. Adopting Single Sign-On (SSO) allows individuals to access all of their web apps in the cloud and behind the company firewall, using just one set of credentials. This eliminates the need for multiple passwords altogether – no more ‘password123’.
(Psst, we’ve partnered with OneLogin to bring SSO to our customers, to find out more, click here.)
2. Sticking to Two-Factor Authentication
When it comes to authentication, the more factors you have, the merrier you’ll be when your data is safe and sound.
Although many of us now use two-factor authentication in our personal lives – a one-time passcode here, an email link there – robust data security calls for much more. Hackers know that a lot of employees now use a combination of password and mobile pin code login processes, and as such, they’re using new techniques to gain access to phones via sophisticated phishing messages, emails, and the like.
Multi-Factor Authentication (MFA) combines authentication types ranging from passwords and trusted devices to biometrics and location data. The benefits? While nefarious parties may be able to steal passwords – and even gain access to a trusted device – the additional layer of biometric identification stops hackers in their tracks. One great example of this is Microsoft’s Windows Hello for Business – easy yet effective facial recognition technology.
3. Provisioning Accounts Manually
Manually provisioning accounts isn’t just a tedious exercise that costs time and money: it leaves plenty of room for human error. Whether it’s preparing a new employee for day one, or ensuring leavers have had their access revoked, the stakes are too high to leave provisioning and deprovisioning to chance.
Automating the Joiner, Mover, Leaver (JML) process using Microsoft Identity Manager is a great antidote to this problem. Not only are staff freed up to focus on more pressing work, but individuals always receive the permissions they need, at all stages of their career with the company. In turn, this means a juicy security upgrade for the organisation, and the closing of a sizeable hole in the security perimeter.
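To make the Joiner, Mover, Leaver check concrete, here is an added example (not from this article, and not Microsoft Identity Manager code) that reconciles an HR roster against a directory export and flags the gaps manual provisioning tends to leave. The record layout, the group names and the `ENTITLED` role map are all constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the article): HR system of record.
HR = {
    "E100": {"name": "A. Patel", "dept": "finance", "status": "active", "end": None},
    "E101": {"name": "B. Jones", "dept": "sales", "status": "active", "end": None},
    "E102": {"name": "C. Smith", "dept": "finance", "status": "left", "end": date(2024, 3, 29)},
    "E103": {"name": "D. Okoro", "dept": "it", "status": "active", "end": None},
}
# Constructed directory export: one row per account.
ACCOUNTS = [
    {"login": "apatel", "owner": "E100", "enabled": True, "groups": {"finance-ledger"}},
    {"login": "bjones", "owner": "E101", "enabled": True, "groups": {"sales-crm", "finance-ledger"}},
    {"login": "csmith", "owner": "E102", "enabled": True, "groups": {"finance-ledger"}},
    {"login": "svc-old", "owner": "E999", "enabled": True, "groups": {"it-admin"}},
]
# Hypothetical role model: the groups each department is entitled to.
ENTITLED = {"finance": {"finance-ledger"}, "sales": {"sales-crm"}, "it": {"it-admin"}}

def reconcile(hr, accounts, entitled):
    """Return (kind, subject, detail) findings for JML gaps."""
    findings = []
    owners_with_account = set()
    for acc in accounts:
        person = hr.get(acc["owner"])
        if person is None:
            # Account whose owner is unknown to HR: nobody is accountable for it.
            if acc["enabled"]:
                findings.append(("orphan", acc["login"], "no HR record for owner"))
            continue
        owners_with_account.add(acc["owner"])
        if person["status"] == "left":
            # Leaver: access should have been revoked on the end date.
            if acc["enabled"]:
                findings.append(("leaver", acc["login"], f"still enabled, left {person['end']}"))
            continue
        # Mover: groups kept from a previous role exceed the current entitlement.
        extra = acc["groups"] - entitled.get(person["dept"], set())
        if extra:
            findings.append(("mover", acc["login"], "excess groups: " + ",".join(sorted(extra))))
    # Joiner: active employee with no account provisioned yet.
    for emp_id, person in hr.items():
        if person["status"] == "active" and emp_id not in owners_with_account:
            findings.append(("joiner", emp_id, "active employee has no account"))
    return findings

if __name__ == "__main__":
    for kind, subject, detail in reconcile(HR, ACCOUNTS, ENTITLED):
        print(f"{kind:7} {subject:8} {detail}")
```

Run on a schedule against real exports, an empty result is the evidence that provisioning and deprovisioning are keeping pace with HR changes.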
4. Downloading Unsafe Apps
There are millions of apps in the App store, but are they all safe? Not necessarily. Between Shadow IT – using third party apps to meet the team’s needs without the IT department knowing – and blind faith in the security of the app store, employees are putting their mobile devices at risk by downloading apps.
While there’s a lot to be said for the use of applications in the workplace, some are known to collect and leak data, while others – in the case of Shadow IT – create an ecosystem of solutions that exist outside of the IT department’s remit, as well as the security perimeter. They can’t manage information shared on apps they don’t know about, nor can they monitor and react to threats, so ensuring all mobile devices are being managed centrally, and that staff are educated on downloading apps, is key to keeping things under control.
5. Unsafe BYOD
The workplace is almost unrecognisable in our modern world, with a remote working revolution taking off. At the heart of this new approach to the 9-to-5 is Bring Your Own Device (BYOD) culture. Not only does it allow employees to use machines they’re comfortable with, it also cuts the cost of overheads for the business, and opens up greater opportunities with hiring new talent further afield.
Of course, there are some serious caveats to consider with BYOD, with the security implications topping them all. Thankfully, securing BYOD needn’t be a mammoth task, with the likes of Microsoft and Lookout having organisations’ backs.
Microsoft Intune, for example, allows organisations to manage and protect access for mobile devices and apps from the cloud. As employees move beyond the perimeter of the office, it’s a good idea to focus on protecting the corporate data within their devices, rather than just the devices themselves. Lookout’s security solutions, meanwhile, establish continuous conditional access to data, allowing more control and security.
In short, your team can bring their own devices, if you bring the right security measures to the table.
One Day at a Time
The bottom line of this article is simple: hackers are getting smarter, threats are becoming more sophisticated, and organisations need to up their game if they’re to stay one step ahead. While the above points are common daily occurrences, they can all be negated or reversed, just by taking it one day at a time, tweaking security measures and introducing new solutions to protect people, devices, and data.
Making changes now – starting with the above – will do wonders for the organisation’s security, and by tomorrow it’ll already be in a much more secure position than it was before.
Need some assistance transforming your business’ practices to be more secure? Our team are here to help. Simply get in touch to hear back from one of our experts.