There are many issues that businesses around the world have to overcome in the most efficient way possible in order to optimise their operational efficiency. However, some things cannot be compromised on: safety and security. This blog will discuss the measures that companies can take in order to ensure the quality of their online security systems both internally and externally.
Most companies and office employees use many different accounts, applications and websites in their day-to-day work activities. These can range from two or three to more than 10 different platforms, depending on the nature of the job in question.
It will come as no surprise that, of course, these accounts require secure passwords which must be entered in order to access a certain website, platform or application. But how can you make sure you’ll remember the passwords to each of them? And how can you ensure that the passwords you have created are strong enough to guarantee your accounts’ security?
A recent Verizon Data Breach Investigations Report revealed that over 81% of data breaches are caused by hacked passwords. This can happen when the chosen passwords are far too weak or predictable, or if they’ve simply been stolen. Well, there’s a solution to your troubles.
A Password Manager. This is a software that can remember all your website and application passwords, including email and social media accounts, banking log-in details and more, that you want to have saved in a secure system. That way, you’ll be able to access these accounts by simply autofilling the passwords with the simple click of a button. Since you won’t have to remember these passwords, you can use Password Managers, such as LastPass, to create unique and complex passwords which would be impossible to guess. Moreover, such software usually comes with a Password Generator, which actually generates secure passwords for you that no system or person can hack.
The only thing you will have to remember is the master password to your Password Manager. It is then, of course, crucial that you create a complex master password and ensure that you remember it. Prepared for any scenario, Password Managers usually advise adding a trusted emergency contact who will also receive the details to the master password, should you at some point forget it.
Many Password Managers also include a Multifactor Authentication or two-factor authentication in the security services that they offer, where a user is required to enter a second piece of information before allowing access to the account. This can be achieved by adding your mobile number to your Password Manager account which in turn allows you to further secure your accounts. Usually, after entering the master password, you will be able to log-in after receiving an SMS passcode or another generated piece of data that only you will have access to.
Password Managers can be downloaded both for personal and business plans, for a monthly fee per user. Costs differ according to the chosen plan.
Here are some recommended Password Managers that are widely used by companies around the world:
User Access Control
One of the important steps that companies must take in order to mitigate any potential security risks is the implementation of an access control system within an organisation.
Internal access controls are put in place in order to ensure that each individual user only has access to the resources that are necessary for him or her to complete tasks, whilst preventing access to resources that are deemed irrelevant or unnecessary to a user. For example, if an employee is responsible for doing a company’s finances, there is no reason for him to have access to the organisation’s social media accounts.
Similarly, users who have publishing rights for Facebook may not have rights to access the company’s Instagram and Linkedin pages. An admin usually decides who has access to each specific channel, simplifying this process by creating user groups which can make it easier to find out which users have rights to what channels on the platform.
Another important factor to keep in mind is the login process and where it can be done from. Businesses are advised to control and limit logins from multiple systems, using IP restriction settings that only allows users to connect to the network from their office or another predetermined location. Media Injection currently offers an IP restriction service that allows businesses to choose which IP addresses can be used (or blocked) in order to connect to a company’s network. Such services have been gaining popularity and are strongly recommended in order to keep your accounts and privacy secure.
Furthermore, the time in which a user can access certain resources should also be kept in mind. Users could, for example, only be allowed to log in to their company’s network during working hours, unless a specific exception is made.
Third Party Access
Considering many companies work and partner up with other businesses, accesses and rights are often handed over in order to make the workflow more efficient. A good example of this is companies that employ advertising agencies to create marketing campaigns and more for them.
In some cases, these ad agencies will need to access some of the company’s resources, whether it’s for statistical research, a look into the company’s previous work, access to the social media channels etc. It is at that point important to be clear about the specific access that these third parties will be granted, and which users will be allowed to work on and access the specific channels and resources. Far too many companies tend to give third parties, such as ad agencies, full access to all available channels and resources. This is not an advisable step at all. By allowing these third party users to only access specific resources, the risk of any potential malpractice can be minimised or avoided.
A common problem that can present itself in companies is taking too much time to remove someone’s access to the network and channels after the person has left his job or company, especially in the case of an employee’s contract termination. It is therefore important for businesses to respond quickly, as intentional and malicious actions undertaken by previous employees could cause considerable damage to the network and even the organisation. Ruining a company’s online reputation can be done quickly and easily. Therefore, in the case of a former employee, a user should be effectively removed from any and all groups after the exit interview has taken place, thereby maintaining security.
There are many things organisations can compromise on but we firmly believe privacy and security aren’t up there with them. It is after all better to be safe than sorry! What do you make of these security measures? Does your company also have similar rules in place? Let us know in the comments section below!