Software
Everyone at your business needs to protect their accounts with strong, unique passwords. If someone uses the same set of characters to log into everything, they’re putting your company at risk. You can limit the number of passwords that people need to remember with Single Sign-On (SSO). As the name implies, SSO lets staff log into multiple apps and services with the same credentials, reducing the number of unique passwords they need to come up with and manage.
It doesn’t matter, however, if your team needs to remember one or 1,000 passwords. All of them still need to be strong and unique. You can solve this problem by adopting a password manager like 1Password. It will also give you a secure and convenient way of sharing credentials – no more shared spreadsheets or sending passwords insecurely over email.
Staff should also be encouraged to set up two-factor authentication wherever possible. The extra layer of security will protect accounts from attackers who have discovered or deduced a password.
Beyond credentials, you should focus on access and segmentation. Check that only team members and trusted guests can access your chat app of choice, such as Slack or Microsoft Teams . You should also use groups and rooms, each with their own privacy settings, to keep information on a need-to-know basis. Similarly, every video call should be password protected and limited to participants that have been invited beforehand.
Finally, let’s talk about email. Despite being more than 50 years old, e-mail remains the backbone of business communication. It’s also a prime target for social engineering, which was a top three cause of incidents and breaches in 2020, according to research by Verizon . Attackers will often impersonate a reputable company or person, a tactic known as phishing, and encourage employees to click on a link that seems perfectly legitimate, but actually sends them to a site designed to steal their credentials and other sensitive information.
You should teach your employees how to spot and report these emails. They should check the sender’s email address, for instance, watch out for typos, and be wary of any language that suggests they need to take urgent action. If they weren’t expecting the email, you should advise them to check its authenticity by reaching out to the original sender with a new email, Slack message, or phone call.