How your company can protect users, clients, and your own networks this Safer Internet Day
This year, Safer Internet Day (this Tuesday, February 8th) is a chance to check in with your current practices and tighten up your defenses for 2022.
The theme for Safer Internet Day 2022 is “Together for a better internet”. This is a great perspective to step into. Whether you’re a parent, an educator, a policy maker, or a cybersecurity professional, we all have roles to play.
However, for businesses, the incentive to keep employees safe online is multifaceted. Not only is there a legal responsibility to protect both employee and user data, but there are also major benefits to the company itself when individual security is improved.
Compromised credentials–stolen combinations of usernames and passwords–are one of the biggest causes of data breaches. Even a single compromised employee account can be the entry point for a network takeover, leading to major financial and reputational damages.
Here are seven tips for businesses that can help everyone connected to the company.
Cybersecurity practices and expectations can change quickly and seem complicated to those not in the industry. Providing regular training to your team, and engaging them with the ‘whys’ of cybersecurity, can improve individual security habits–for example, increasing users’ familiarity with how to spot phishing emails.
It’s also good practice to send out alerts to employees if there is a spate of ongoing phishing scams targeting your industry or company.
Requiring employees to use password managers can be a way of helping everyone choose stronger passwords. When people don’t have to remember passwords (and worry about entering them several times a day), they are happy to have more unique options.
If you have employees working from home, provide them with company equipment instead of assuming that their home devices will be updated, protected, or secured. Unless you have a staff of cybersecurity experts, they probably won’t be (think of shared internet plans, families and kids, and IoT devices). You can also help lock down remote networks by providing VPNs for employees.
While many defensive security postures are aimed at preventing a breach, it’s also crucial to have a plan if the worst does occur. Backing up critical company data, network maps, and relevant customer information can make recovery from an attack much quicker. In the case of a ransomware attack, you don’t want to be left high and dry, and it’s been shown that even if the ransom is paid, businesses tend not to get all their data back. So, back up your systems regularly and frequently.
While increasing password strength is a well-known goal, there are several other ways to improve password hygiene overall. NIST password guidelines can be a good resource to pull from to find solutions that fit your business well. One of the user-driven habits that can be addressed is to create password policies that prevent users from reusing passwords. This dangerous habit creates many vulnerabilities due to the prevalence of compromised credentials.
Multifactor Authentication (MFA) is an excellent way to enforce an additional layer of security–one that’s separate from the password layer. However, studies have shown that voluntary MFA use is very low. So, if possible, a business should require it of their users, for a collective benefit.
Even when there are problems, like password reuse, that are caused by users, the onus falls to businesses to help out. Unlike individuals, companies have the resources to monitor passwords and let their users know if they are compromised. Screening for compromised credentials is a way for a business to protect its clients as well as its own networks and reputation.
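The reuse and screening checks from the last two tips, as an added Python example that is not from the original article. The compromised-password list is a constructed sample standing in for a real breach corpus, and the names screen_password and PasswordHistory are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample of known-compromised passwords, stored as SHA-256 digests.
# Assumption: a real deployment loads a breach corpus or a screening service here.
COMPROMISED = {hashlib.sha256(p.encode()).hexdigest()
               for p in ("password", "123456", "qwerty2022", "letmein")}
MIN_LENGTH = 8  # NIST SP 800-63B minimum for user-chosen passwords

def _kdf(password: str, salt: bytes) -> bytes:
    """Slow salted hash, so a leaked history table is costly to brute-force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class PasswordHistory:
    """Salted hashes of one user's previous passwords, newest last."""

    def __init__(self, keep: int = 5):
        self.keep = keep
        self.entries = []  # list of (salt, derived_key)

    def add(self, password: str) -> None:
        salt = os.urandom(16)
        self.entries.append((salt, _kdf(password, salt)))
        self.entries = self.entries[-self.keep:]  # forget anything older

    def contains(self, password: str) -> bool:
        # Each entry has its own salt, so the candidate is re-derived per entry.
        return any(hmac.compare_digest(_kdf(password, salt), key)
                   for salt, key in self.entries)

def screen_password(candidate: str, history: PasswordHistory) -> list:
    """Return the list of policy violations; an empty list means accept."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if hashlib.sha256(candidate.encode()).hexdigest() in COMPROMISED:
        problems.append("compromised")
    if history.contains(candidate):
        problems.append("reused")
    return problems

if __name__ == "__main__":
    history = PasswordHistory()
    history.add("correct horse battery")  # constructed previous password
    for pw in ("123456", "qwerty2022", "correct horse battery",
               "violet-kettle-orbit-93"):
        print(pw, "->", screen_password(pw, history) or "accepted")
```

Run the same screen at password change and periodically at login, since a password that was clean when chosen can appear in a later breach.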
We have a collective responsibility to build a safer internet. Businesses can be incredibly positive and powerful influences in the conversation of online security. Take time this year to check in with your own habits, talk to your employees about theirs, and make a plan to enhance your security.