It’s time to spruce up your data security policy and procedures during this spring season of renewal. Purge harmful and old passwords and other bad cyber habits, making room for proper password hygiene, multi-factor authentication (MFA), and continuous cybersecurity awareness.
A single data breach can give attackers access to critical data and systems throughout an organization – and bad actors probe more than 20 million Microsoft accounts every day. Without clearly defined expectations for good password hygiene and the use of MFA in an organization’s data security policy and procedures, credentials are more likely to be stolen and used by a cyber attacker.
Spring Clean Your Desk and Passwords
Clean Desk Policy
As the workforce starts to head back into an office after two years of working from home, there are many workplace habits that everyone will have to relearn, and keeping a clean desk is one of them. Effective data security policies and procedures include a Clean Desk Policy, which means employees clear their desks at the end of each day, removing all papers from view, securing confidential information, and shredding documents when necessary.
Much of your company’s sensitive information is stored off-screen: blueprints, system diagrams, printed emails, passwords, invoices, and even receipts. Unauthorized exposure of this information, no matter how low-tech, is still considered a data breach.
This policy protects sensitive documents from anyone who may walk through the facility and view the information, whether intentionally (burglars or malicious employees) or unintentionally (guests or after-hours maintenance staff). A Clean Desk Policy isn’t about assuming surreptitious behavior; it is about taking proactive steps to lessen the potential for stolen information.
Setting an expectation for proper password hygiene is another must-have in an effective data security policy and procedures. Consider these five important tips for proper password hygiene:
- Don’t write down passwords on sticky notes, or other documents that may be left around your devices.
- Do not share passwords. If a password is disclosed, change it immediately.
- Do not reuse passwords. Every website or application should have its own unique, random password, stored in a password manager (when available).
- Change default device passwords.
- Consider implementing a company-wide password management tool or a single sign-on (SSO) solution. SSO is an authentication process that allows users to securely access multiple related applications or systems using just one set of credentials.
With the ongoing digital transformation, on-premises infrastructure is being replaced by cloud services, which are often protected by nothing more than a username and password. Good password hygiene is essential to avoid business email compromise, wire transfer schemes, and other cyberattacks.
MFA: Another Coat of Protection
Think of MFA as an added coat of protection for your organization’s data. Suppose a cyber attacker does get hold of your credentials. In that case, MFA is another layer of verification that can help prevent individual account takeover and the potential compromise of data throughout your organization. MFA requires two or more forms of verifying identity and credentials. It comes in different form factors: hardware tokens; authenticator apps or tokens that generate time-based one-time passwords (TOTP); push notifications; SMS or emailed codes; and security questions.
There’s a new app created every day that claims to make your work easier or more efficient. Organizations need to ask whether the app has MFA built in and base their buying decisions on the availability of this critical cybersecurity control. One of Defendify’s mantras is: “Sure, you can get that software, but make sure you turn on MFA.”
Keep It Clean All Year with Cybersecurity Awareness Training
Spring cleaning provides a great refresh, but your cybersecurity program needs to be maintained all year long, just like your home. Part of maintaining your cybersecurity is deploying ongoing cybersecurity awareness training that explains the context behind your data security policies and procedures and why these steps are essential to protect your identity and the organization’s data. The training and context enable employees to defend against emerging or new cybersecurity threats.
Without instilling behavior such as a clean desk, good password hygiene, and utilization of MFA in employees during regular awareness training, exposed papers and even sticky notes can be a potential entry point for a breach. Worse yet, it can be challenging to know who accessed what information – or what they could do with it.
Clear, established policies together with employee education and training are part of an all-in-one cybersecurity program that works. With a program in place that also includes threat alerts to receive data breach notifications, cybersecurity assessments, and penetration testing to assess your program’s vulnerabilities, you’ll be able to solve and overcome any potential problems that spring up.