The latest big cyberattack is the SolarWinds hack. This information security compromise, arising from the hack of an information technology firm, is said to have had far-reaching consequences, going as far as impacting the United States’ national security. However, while large-scale hacks such as these make waves in the international media, thousands of more minor security breaches go unnoticed.
According to a recent study by the National Cyber Security Alliance, 60% of small and midsize businesses that experience a cybersecurity attack collapse within six months. While these cyberattacks don’t hit the headlines, the statistic does drive home the importance of data security and of knowing how to secure an organization’s information.
Keeping the significance of the issue in mind, Packetlabs has compiled a shortlist of steps businesses and organizations can take to protect themselves from hackers and reduce the chances of their sensitive information falling into the wrong hands.
1. How to secure information in your organization with strong passwords and good password practices
According to NordPass research, “123456” and “123456789” topped the list of the most common passwords in 2020! Considering that the average person has approximately 100 passwords (according to other research), it is understandable that people resort to passwords that are easy to crack or guess. But that does not make the practice acceptable.
So, what constitutes a strong password? A password must be impossible for another person to guess easily, and it must be long and complicated (to everyone other than yourself). One way to accomplish this is by using a passphrase or a catchphrase. This can be as simple as stringing together names and initials of different items around you along with a few numbers and special characters, and voila, you have a unique and strong password.
If you want to make your password even stronger, you can opt for a password manager or management application. This software generates random passwords for you and securely stores them, thus saving you the hassle of remembering the password.
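The following sketch is an added example, not part of the original article or any Packetlabs tool. It shows how a generator draws a random password or passphrase from a cryptographic random source, how many bits of guessing resistance each has, and how a simple screen rejects the two passwords named above. The word list, the 14-character minimum and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list. A real generator uses a published list of
# thousands of words, which gives far more entropy per word.
WORDS = ["lamp", "river", "cactus", "violin", "marble", "sketch", "harbor",
         "pepper", "window", "rocket", "meadow", "copper", "tunnel", "basket",
         "falcon", "ginger"]
COMMON = {"123456", "123456789"}  # the two passwords named in the article
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def random_password(length=20):
    """Random password drawn from the OS CSPRNG, as a password manager does."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(n_words=6, sep="-"):
    """Words chosen uniformly at random (not by a human), plus two digits."""
    words = [secrets.choice(WORDS) for _ in range(n_words)]
    return sep.join(words) + sep + f"{secrets.randbelow(100):02d}"


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def screen(password, min_length=14):  # min_length is an assumed policy value
    """Return the reasons a candidate password should be rejected."""
    problems = []
    if password in COMMON:
        problems.append("on common-password list")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.isdigit() or len(set(password)) <= 2:
        problems.append("digits only or almost no variety")
    return problems


if __name__ == "__main__":
    print("123456 ->", screen("123456"))
    print(random_password(), f"{entropy_bits(len(ALPHABET), 20):.0f} bits")
    phrase_bits = entropy_bits(len(WORDS), 6) + entropy_bits(100, 1)
    print(random_passphrase(), f"{phrase_bits:.0f} bits")
```

The six-word passphrase from this tiny list carries only about 31 bits despite being over 30 characters long, which is why the size of the word list matters more than how long the result looks.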
Beyond strong passwords, any organization serious about safeguarding its data absolutely must enforce simple yet proven password practices. Here are a few commonly recommended rules that your employees should follow.
- Passwords should never be shared between different applications and accounts.
- Autofill must be avoided.
- Never keep a list of passwords (digitally or physically).
- Sharing passwords with others should be a strict NO.
2. Maintain a robust BYOD policy to secure your organization’s information
Since the pandemic, the number of employees working from home has increased. 82% of the Canadian workforce, according to a survey, worked remotely. Naturally, this increases the chances of people using personal IT devices, including smartphones, to access sensitive company information and data, which increases the risk of a data breach.
The answer to this problem is not to totally ban personal devices but to enforce specific policies, which can reduce the risk of an IT security mishap while also ensuring employee convenience.
Measures should be taken to ensure personal devices are configured as per your organization’s security standards. This includes keeping applications up-to-date and installing security and access-control software if required.
If required, access to certain sensitive data can be restricted to only company-provided devices.
In short, steps must be taken to align the security of your employees’ devices to that of your company.
3. Dispose of unused or old assets safely to prevent them from falling into the wrong hands
The old computers you are planning to replace may no longer be helpful to you, but they could be a goldmine for data thieves searching for sensitive information. Hence, ensure that your old hard disks are wiped clean using professional software before you send them to the recycling center. The same applies to papers and receipts. Always be mindful of what you drop in the bin. Your employees working from home must follow the same steps while disposing of digital and physical assets that belong to your organization.
In today’s digital-driven world, data security is not guaranteed. However, you can take specific necessary measures to secure the information in your organization and your clients’ data. Besides the simple security steps mentioned above, one preemptive action to ensure information security is to opt for penetration testing. Also referred to as pen testing, it can help expose cracks in your IT systems so that they can be patched before a malicious actor discovers and exploits them.
Packetlabs’ simulated cyberattacks are more than a vulnerability scan and provide your organization with the necessary knowledge to shut the door on hackers. For more information or a free quote on our pen testing services, write to firstname.lastname@example.org or visit our website.