4. Two-factor authentication
Everyone at your business needs to protect their accounts with strong, unique passwords. If someone uses the same set of characters to log into everything, they're putting your company at risk. You can limit the number of passwords that people need to remember with Single Sign-On (SSO). As the name implies, SSO lets staff log into multiple apps and services with the same credentials, reducing the number of unique passwords they need to come up with and manage.
It doesn't matter, however, if your team needs to remember one or 1,000 passwords. All of them still need to be strong and unique. You can solve this problem by adopting a password manager like 1Password. It will also give you a secure and convenient way of sharing credentials - no more shared spreadsheets or sending passwords insecurely over email.
Staff should also be encouraged to set up two-factor authentication wherever possible. The extra layer of security will protect accounts from hackers who have discovered or deduced a password.
Beyond credentials, you should focus on access and segmentation. Check that only team members and trusted guests can access your chat app of choice, such as Slack or Microsoft Teams. You should also use groups and rooms, each with their own privacy settings, to keep information on a need-to-know basis. Similarly, every video call should be password protected and limited to participants that have been invited beforehand.
Finally, let's talk about email. Despite being more than 50 years old, email remains the backbone of business communication. It's also a prime target for social engineering, which was a top three cause of incidents and breaches in 2020, according to research by Verizon. Hackers will often impersonate a reputable company or person, a tactic known as phishing, and encourage employees to click on a link that seems perfectly legitimate, but actually sends them to a site designed to steal their credentials and other sensitive information.
You should teach your employees how to spot and report these emails. They should check the sender's email address, for instance, watch out for typos, and be wary of any language that suggests they need to take urgent action. If they weren't expecting the email, you should advise them to check its authenticity by reaching out to the original sender with a new email, Slack message, or phone call.