Whether they consider themselves to be a black hat (cybercriminal) or a white hat (security researcher), one thing all hackers can agree on is the fact that a password is not enough to keep them out.
Most businesses take extra security measures beyond a simple password, but there are certain steps that are more successful, or more of a deterrent, than others. Here are five things you can do to protect your business from hackers:
1) Thorough IT Security Awareness Training For Employees
A hacker’s ability to gain access to systems, networks, and accounts can often hinge on the unwitting assistance of another human being: in this case, one of your employees. Phishing scams are still a popular tactic, and they’re becoming more sophisticated.
Ongoing cybercrime awareness training for your employees can help eliminate some of the risk posed to your business’ security by genuine human error. This is becoming increasingly necessary as the use of personal devices for business purposes continues to grow. Employees need to know how to use technology intelligently and safely, and be kept up to date on current threats so they can be your first line of defence against hackers and malware attacks.
2) Limit Admin Account Access
The number one target for hackers is administrator accounts, usually referred to as admin accounts. Admin accounts are essentially an all-access pass to your systems and network. If an admin account is compromised, a hacker can roam freely inside your secure network, stealing files or planting malware undetected.
The best way to protect against this situation is to limit the use and access of admin accounts. Have employees – including IT staff – use standard user profiles whenever possible, elevating their user privilege only to access approved applications. By not allowing the daily use of what amounts to a skeleton key, you can limit the damage a hacker can do if an admin account is compromised.
3) Protect System Account Passwords
Not to be confused with an admin account, a system account is not necessarily associated with a specific user. In fact, most businesses have more active system accounts than they do employees. System accounts are often extended to devices, systems, and other pieces of hardware, allowing them to communicate with one another over the network.
These accounts can remain active and retain access to sensitive data and applications even after the device they originated with has been deactivated or removed from the network. If a virtual machine – a means of having multiple computers share the same hardware – is cloned, the privileges associated with it will be cloned as well.
If a hacker gains control of a system account, it offers them the same freedoms that an admin account would.
Many businesses use spreadsheets to keep track of these accounts and their passwords, which is not a good idea. A spreadsheet program can easily be compromised once a hacker gains access to your network, giving them a handy list they can use to break further into your secure systems.
The best method of keeping privileged accounts secure is to implement a program to automatically detect and store privileged account information, schedule routine password rotations, and monitor and audit the use of these accounts and their passwords to detect unauthorised access.
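As an added illustration (not part of the original article or any particular product), the sketch below audits a system-account inventory for the three problems described above: accounts that outlive their device, overdue password rotation, and credentials duplicated by a cloned virtual machine. The inventory records, field names and the 90-day rotation interval are assumptions made for the example.

```python
from datetime import date

ROTATION_DAYS = 90  # assumed rotation policy; the article does not give a number

# Constructed inventory. "cred_id" stands for a vault-side identifier of the
# secret (hypothetical field), never the password itself.
INVENTORY = [
    {"account": "svc-backup", "host": "nas01", "host_active": True,
     "last_rotated": date(2024, 5, 20), "cred_id": "c-101"},
    {"account": "svc-print", "host": "prn-old", "host_active": False,
     "last_rotated": date(2023, 1, 10), "cred_id": "c-102"},
    {"account": "svc-app", "host": "vm-app1", "host_active": True,
     "last_rotated": date(2024, 4, 1), "cred_id": "c-103"},
    {"account": "svc-app", "host": "vm-app1-clone", "host_active": True,
     "last_rotated": date(2024, 4, 1), "cred_id": "c-103"},
]

def audit(inventory, today, rotation_days=ROTATION_DAYS):
    """Return {(account, host): [findings]} for every entry with a problem."""
    # Map each credential to the set of hosts that hold it, to spot clones.
    hosts_by_cred = {}
    for entry in inventory:
        hosts_by_cred.setdefault(entry["cred_id"], set()).add(entry["host"])

    findings = {}
    for entry in inventory:
        issues = []
        if not entry["host_active"]:
            issues.append("orphaned: host decommissioned, account still enabled")
        age = (today - entry["last_rotated"]).days
        if age > rotation_days:
            issues.append(f"rotation overdue: password is {age} days old")
        holders = hosts_by_cred[entry["cred_id"]]
        if len(holders) > 1:
            issues.append("shared credential on: " + ", ".join(sorted(holders)))
        if issues:
            findings[(entry["account"], entry["host"])] = issues
    return findings

if __name__ == "__main__":
    for (account, host), issues in audit(INVENTORY, date(2024, 6, 1)).items():
        for issue in issues:
            print(f"{account}@{host}: {issue}")
```
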
4) Limit Unknown Applications
Be aware of which applications are authorized to run on your network, and ensure their passwords are protected. Applications should be carefully inventoried, and their passwords handled much the same way as privileged accounts. You can’t protect something you had no idea existed, and unknown applications leave your network and systems vulnerable in areas you wouldn’t even think to monitor.
5) Use Security Best Practices to Protect User Passwords
Just because admin and privileged accounts are the “big game” targets, that doesn’t mean run-of-the-mill user accounts are safe from hackers. Any end-user account can be used to gain access to your network and systems, and even limited access can be used to do harm.
Instruct employees to guard their passwords carefully, and to use something that is simple and unique to them, but not blatantly obvious like a date of birth, pet’s name, or favorite sports team.
If you decide to implement frequent required password changes, provide an easy and secure method for employees to reset forgotten passwords. They’re less likely to carelessly write it down somewhere it could be discovered by an unauthorised individual if they don’t have to jump through hoops when they inevitably forget it.