It’s the new year! Time to break out the old pad and paper for some new years resolutions. If one of your company goals this year is to improve your security posture (a worthy goal for any organization), here are three smaller resolutions you can keep to help you do just that:
- If you don’t already, use two factor or multi-factor authentication (TFA or MFA) instead of just a password for restricted access. The benefits of multi/two-factor authentication can’t be ignored. There are many different options for two-factor, including computer passwords paired with passcodes generated by cellphones, keycard access to restricted areas as well as biometric access, or a physical USB key (already in use by some big companies). Of course, MFA is not the be all and end all for security solutions (nothing ever is), but forcing employees to go an extra mile to protect sensitive company information only makes your security solutions more enriched and harder to overcome.
- If you use public cloud, resolve to keep private data just that: private. Remember the S3 bucket leaks? Those rather embarrassing data leaks of major organizations and agencies (the Pentagon comes to mind) were the result of poor and insecure configurations of S3 buckets, not the Amazon S3 buckets themselves. Sure, Amazon could have originally put warnings in place to alert administrators of possible public exposure before it happened (and should have, and later did put those changes in place), but pay attention, people! Double check and triple check your configurations. Make it a collaborative effort if possible so that more than one pair of eyes is on your work.
- Create security policies and processes in place that everyone in your organization can follow, not just the IT team. Your people may be your biggest strength as a company, but they’re the biggest security weakness. Sadly, not everyone is a security expert, and they probably don’t even care how their online habits affect the company’s risk profile, let alone understand it. Helping them understand the risk of a security breach without going into a bunch of boring technical detail can go a long way towards strengthening the security stance at your company. By blocking certain web content that could be deemed dangerous, teaching some basic safe online habits and encouraging employees to report suspicious emails, you can help foster a culture of awareness and give employees a sense that they’re contributing to the cause of keeping their company safe.
As you hit up the gym and start taking salads for lunch again, resolve to make progress towards improving your company’s security posture as well to help prevent data breaches. We think this is one resolution you’ll want to keep this year!
Resolved to do more for your company in 2019? We can help! Contact us to get started.