Are you making smart IT choices? Technology security is a topic that constantly makes headlines, recently with a large political organization being hacked by a foreign country. Breaches like this should remind companies to shore up their defenses and safeguards, which can be easily done with a strategy to authenticate your passwords.
Passwords should meet the minimum standards that most companies have adopted: at least eight characters long, including an alphabetic, a numeric and a special character. This makes a brute-force hacking attempt unlikely to succeed. You should also update your passwords regularly. Most businesses have passwords expire every 90 days. Some companies use longer or shorter expiration periods, but what is important is that they do expire.
Strong passwords are a step in the right direction, but what happens if someone does get ahold of a password to log into the system? A password is meant to authenticate an authorized user of the system, but it does not authenticate the person who entered it. Fortunately, there is now an option that allows users to validate that they are the ones who entered the password and not some hacker or malicious co-worker.
Our firm has started using a dual authentication service for logging into our computers. This means that even if someone had my password, they would still be unable to log in without using one of two authentication methods: first, entering the matching additional password generated by a corresponding key fob; second, selecting a check mark on my phone (which is also password protected) when it uses a push notification to verify I am logging in. The key fob option is now commonplace with business accounts at banks, so many people are already familiar with this type of authentication safety measure. This may be one of the more reliable approaches to protecting online accounts that can be accessed anywhere. This type of security measure is effective if implemented correctly, and is not much of a hassle either.
People naturally resist change, and adding a step to an easy process is hardly welcome. Ensuring the safety of electronic information is worth the extra 5 seconds it takes to log in (we’re pretty sure our clients would agree). Some online games have taken the leap and adopted dual authentication. That raises the question: if it is being used to protect an account someone uses to play a game, why should your company not be implementing similar measures to protect sensitive data?
We may not be IT experts by trade, but we know how to make it happen (and who you need to talk to). Give me a shout to talk about our security strategy, what we advise for our clients and how to take the first step.
About the Pro
Meet Josh DeBoer! Hailing from Grand Rapids, Michigan—home to a hub of publishing houses—it’s no surprise that Josh really enjoys reading. Currently, his favorite series is the Dresden Files, a contemporary fantasy/mystery. One of the people Josh admires—and one he’s no doubt done plenty of reading about—is Dietrich Bonhoeffer. A German theologian, Bonhoeffer never wavered in his faith, even in his final moments.