Believe it or not, the users on your network represent the biggest threat to your security. How? Simply because users tend to hand out their account information way more than they should. In this week’s episode of Tech Tip Tuesday, we covered how Multi-Factor Authentication protects your account. Following that up, here are a few tips to keep your account secure.
Don’t Give Anyone Your Password.
Really. Don’t do it. Anyone who has a legitimate reason to work on your system shouldn’t need your password to do so. If someone asks for your password, giving it to them hands them the ability to access your account without your permission. At that point, they can pretend to be you. If someone needs an email you have, forward it to them. Anyone who legitimately needs access to your computer or account should already have it without needing your password. And hopefully this goes without saying, but don’t write your passwords down on sticky notes.
Passwords Are Out. Passphrases Are In.
Human beings display a fatal flaw when picking out passwords. We automatically resort to selecting something easy for us to remember. Some people are still using “123456” and “password”. Of course, you probably selected a more advanced password than that. However, using the name (or initials) of someone important to you combined with the date they were born, you met, or got married isn’t much of an improvement.
Rather than use a password, start using a passphrase. A password typically looks like something mentioned above. It consists of a single word with a number or two. Maybe you added an exclamation point. A passphrase looks more like “batman-has-no-superpowers”. A passphrase gives you the best of both worlds. The length makes it much harder for hackers to guess. The phrase makes it easy for you to remember. If you mix a few numbers in there, the odds of being hacked decrease even more.
Use Multi-Factor Authentication.
As mentioned at the beginning, we just covered this topic on Tech Tip Tuesday. You can see how it works by watching the video, but here is the basic concept. Multi-Factor Authentication (MFA) adds an additional step to the sign-in process. After entering your username and password, you’re asked for an additional verification code. You’ll receive this code via email, SMS text message, or an app on your mobile device. These codes are randomly generated and only valid for a short time.
While it makes the login process a tiny bit longer, the additional security makes that step worth it. Someone might steal your password, but they’d also have to steal your phone in order to use it. If someone goes to that much effort, what did you do to make them so mad? 😉
Let Your Users Know.
You’re only as strong as your weakest link. The same is true of your network. The greatest hardware in the world can’t protect you from uninformed users or users who won’t listen. Make sure they’re following the guidelines you’ve established. Additionally, make sure that they’re continually educated on best security practices. Security is constantly changing, so your users will have to keep up with those changes.
Not sure where to start? Just ask us for help. Request a consultation below, and we’ll identify your network’s weak points. Let Pit Crew IT Services give your organization a tuneup and put you on the path to making your network more efficient and secure than ever!