As a business owner or executive, you’re probably investing in some high-tech IT security measures to keep your company’s data safe and out of the wrong hands.
What about the simple, low-tech cyber security steps?
Unfortunately, sometimes people overlook the simple things they can do to mitigate the risk of someone getting hold of something that they shouldn’t.
The good news is that there are a few simple steps you and your employees can take to immediately lower your cyber risk, like:
- Keep Your Password to Yourself
- Sensitive Information Should NEVER Be Emailed, Photographed, or Sent Through Text
- Log Off (or Lock) Your Computer When You Step Away from Your Desk
- Set Up Multi-Factor Authentication (MFA) for Your Devices and Important Applications
- Restrict Local Administrator Privileges
Let's dive in.
1. Keep Your Password to Yourself
Passwords can be hard to remember, especially if you just changed them or if you’re a new employee, so sometimes people will write them down and keep them handy.
Most people can’t easily memorize a seemingly endless list of username and password combinations, so they come up with their own personal system to remember them. This could be writing their passwords down or reusing the same password across multiple platforms – or *gasp*, they may even do both!
It’s become a big problem.
A study by researchers in Virginia Tech’s Computer Science Department looked at 28.8 million users and their 61.5 million passwords over 8 years and found that 52% of users reused or only slightly modified passwords, and 38% had used the same password for two different services.
That makes it much easier for hackers to get in.
Another thing that makes hackers' lives easier (and therefore should be avoided) is saving passwords to your browser. It’s super convenient, but if someone got access to your computer, they’d also have easy access to all the websites where you’ve saved your password.
If keeping track of passwords is a challenge (and let’s face it, it probably is) consider a password manager.
There are plenty of corporate solutions, like LastPass or Dashlane, but if that’s not on the table right now, your employees could use the password manager that’s built into their work cell phone.
2. Sensitive Information Should NEVER Be Emailed, Photographed, or Sent Through Text
If you need to share sensitive information with someone, such as credit card numbers, account information, usernames, or passwords, tell them in person or over the phone.
Sending that data electronically is risky. Here's why:
If your account were compromised -- or if the recipient's security wasn't up to snuff -- a hacker could intercept your credentials or sensitive information to sell for a pretty penny on the Dark Web. So not only could the hacker do what they want with it, but other high bidders could get it too.
3. Log Off (or Lock) Your Computer When You Step Away from Your Desk
How often do you leave your house without locking your doors? Probably not very often.
Leaving your computer unlocked when it’s not in use is similar, and is essentially leaving an open door to your network.
It may seem unlikely that someone would mess with your computer while you’re over at the copier – and it probably feels even more unlikely now with many people working from home. But things happen. Small hands start pushing buttons and you never know what they could have accidentally done!
It’s worth taking the extra couple of seconds to enter your password when you return to prevent unauthorized users from accessing your computer while you step away from your desk.
4. Set Up Multi-Factor Authentication (MFA) for Your Devices and Important Applications
Multi-factor authentication (MFA) means you take one more step to prove that you are who you say you are. It could be a one-time code or clicking on a push notification. It’s a proven way to lessen the likelihood of a data breach through a compromised password.
If your password gets compromised, the hacker still won’t be able to access your account without the magic code or notification tap.
5. Restrict Local Administrator Privileges
Local admin rights give users the power to do virtually anything to their machine – they can install, uninstall, and make other changes to their computer without needing help from anyone else.
Seems harmless, right? Well, it has its risks.
As Voltaire (or Peter Parker as Spider-Man) says, “With great power comes great responsibility.”
Since local admin rights come with so much access, users could potentially uninstall something IT needs to keep the computer protected (thus keeping the company’s network protected), or they could download something that unintentionally compromises security.
Local admin rights should be reserved for IT personnel.
IT security is an uphill battle and there’s no way to be 100 percent infallible. But with the right cyber security layers in place and with employees following your organization’s cyber security best practices and policies, you'll sleep better at night knowing your risk is reduced significantly.
Consider implementing these 5 simple cyber security tips today!
Editor's Note: This article was originally published in February 2015. It has been completely revamped and updated with the latest cyber security tips.