Humans make mistakes. They leave their phones in bars, they lose their laptops, and they hit reply all to company-wide emails. Humans also knowingly give away company secrets to gain favor or steal ideas to go out on their own. Even worse, they can expose personal identifying data (PID) to the public for money or fame.
These behaviors don’t just affect financial firms or high tech companies, either. If you have employees, you store PID. If you sell a product, you have proprietary secrets. If you own an email list, you store contact information. Businesses of all sizes manage data that could mean the difference between increased profits next year and going bankrupt due to lawsuits. In fact, according to Verizon, 58 percent of data breaches happen at small businesses. A shocking 60 percent of small businesses hit by a cyberattack will go out of business within six months of the attack. And in today’s increasingly digital and mobile work environments, it’s more important than ever to safeguard your company’s data from potential threats.
Threats come in many forms:
- Current employees
- Recently terminated employees
- Contractors
- Competing businesses
- Cybercriminals
Multi-factor authentication (MFA)
What is it?
MFA and its popular subset, two-factor authentication (2FA), are ways of securing access to password-protected sites by asking for unique pieces of identification from the user. Users can only access the password-protected information or application if they possess all of the requested information. MFA is commonplace for highly sensitive apps for online banking, credit cards, and other financial applications. These may ask the user to answer a security question like “What’s the name of your hometown” or “What was the name of your first pet” in addition to a password. The user should provide an answer that is easy for them to remember but difficult for a casual hacker to find. Other business apps may send a one-time code, or rely on an authenticator app that generates a short-lived number using the Time-based One-time Password algorithm (TOTP), for the user to enter.
How does it protect your data?
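To make the TOTP mechanism described above concrete, here is an added example (not code from the original article) showing how an authenticator app produces a code and how a service checks it. It follows RFC 4226 (HOTP) and RFC 6238 (TOTP) and uses the RFC reference seed "12345678901234567890" as a constructed sample so the results can be checked; the `TotpVerifier` class and its drift window are assumptions about a typical server-side check, not any particular vendor's implementation.

```python
"""Worked TOTP example: RFC 6238 on top of RFC 4226 HOTP (HMAC-SHA1)."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed sample: the RFC 4226/6238 reference seed, chosen so results are checkable.
RFC_SEED = b"12345678901234567890"
# What an authenticator app is given at enrolment (QR code / manual entry): base32 of the seed.
RFC_SEED_B32 = base64.b32encode(RFC_SEED).decode()


def secret_from_base32(b32: str) -> bytes:
    """Decode a base32 shared secret as shown to the user, tolerating spaces and missing padding."""
    clean = b32.strip().replace(" ", "").upper()
    clean += "=" * (-len(clean) % 8)
    return base64.b32decode(clean)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP whose counter is Unix time divided by the time step (30 s by default)."""
    return hotp(secret, int(for_time // step), digits)


class TotpVerifier:
    """Assumed server-side check: accept codes from neighbouring time steps to absorb
    clock drift, compare in constant time, and never accept the same time step twice."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1  # highest time-step counter already used successfully

    def verify(self, code: str, now: Optional[float] = None) -> bool:
        if now is None:
            now = time.time()
        current = int(now // self.step)
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_counter:
                continue  # a code for this step was already used: treat as replay
            expected = hotp(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, code):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    print("Secret to enrol in the authenticator app:", RFC_SEED_B32)
    print("Code for the current 30-second step:", totp(RFC_SEED, time.time()))
```

The window of one step either side is why a code typed a few seconds late still works; the `last_counter` check is what stops a code that was shoulder-surfed or phished from being replayed within that window, which is the main weakness the article goes on to mention.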
MFA and 2FA add an extra layer of security to sensitive apps by requiring a second factor in addition to the password. This significantly cuts down on the likelihood that a stranger could force entry into your account by brute-force guessing the password, or even with access to a leaked list of usernames and passwords. MFA should be used in conjunction with other security protocols like VPN, however, as it only guards the login stage of app use, and could be susceptible to phishing or man-in-the-middle attacks where an attacker intercepts your data or session after you have logged in.
Do this:
Most software as a service (SaaS) providers have MFA or 2FA options you can configure in the app’s settings. Some will allow administrators to activate MFA for the entire company instance from within the admin settings, while other apps require each user to turn it on for their individual account. Contact your software company’s support to get more information on their MFA and 2FA options.
Corporate password manager
What is it?
Software that securely holds the passwords for all employee and business accounts. Corporate password managers often have desktop apps and browser access that autofill usernames and passwords for sites they recognize. This software often facilitates the generation and storage of secure passwords with random letters, numbers, and symbols.
How does it protect your data?
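As an added illustration of the password-generation step mentioned above (example code, not taken from any password manager product), this shows the two things a generator has to get right: drawing characters from a cryptographically secure source (`secrets`, never `random`) and reporting the resulting strength. The symbol set and the guaranteed-one-of-each-class rule are assumptions; real tools let you tune both.

```python
"""Secure random password generation with a strength estimate."""
import math
import secrets
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"   # constructed symbol set; adjust to what target sites accept
CLASSES = [UPPER, LOWER, DIGITS, SYMBOLS]
ALPHABET = "".join(CLASSES)


def generate_password(length: int = 20) -> str:
    """Return a password of `length` characters drawn with a CSPRNG, with at least one
    character from each class so it passes typical site complexity rules."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    # One guaranteed character per class, then the rest from the full alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    # Shuffle with the CSPRNG so the guaranteed characters do not sit at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on guessing difficulty: length * log2(alphabet size) bits."""
    return length * math.log2(alphabet_size)


def has_all_classes(password: str) -> bool:
    """Check the complexity rule the generator promises."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, "~%.0f bits" % entropy_bits(len(pw)))
```

Forcing one character from each class slightly reduces the true entropy below the `entropy_bits` estimate, which is why the estimate is labelled an upper bound; at 20 characters over an 86-character alphabet the bound is still well above 100 bits, far beyond anything a person would memorise, which is exactly why the manager, not the employee, should hold it.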
Corporate password managers only require users to remember a single main password that grants the user access to all of the stored passwords. The tools also let users securely share passwords. Because the company owns the password software license, it can cut off access or change passwords to sensitive company software for offboarded employees. This reduces the number of security breaches from insecure practices like writing down passwords, sending them via insecure channels like email, or storing them in a text file on the computer.
Do this:
Review the corporate password manager software that meets your needs. Some of these accounts can log how often your employees use the tools, while others build a secure wall around individual accounts. You’ll also want to check that your password manager of choice has some built-in security features like MFA and encryption. Once you’ve made your choice, buy a software seat for every member of your team and enforce the tool’s use. Consider running a company-wide training to boost adoption. Solid password manager software options:
Termination and offboarding protocols
What are they?
Termination and offboarding protocols govern how access to company data is secured when an employee leaves a company. This includes deleting or turning off access to individual accounts, changing passwords, deleting apps from personal and company computers or mobile devices, and handing over sensitive documents.
How do they protect your data?
Even employees who leave amicably could put company information at risk. While most former employees won’t actively give away company secrets as retribution for termination, they can inadvertently expose information they didn’t know was left on their devices.
Do this:
Make an offboarding checklist that includes all possible employee accounts and complete the checklist at every offboarding. You can simplify this process with a corporate password manager. Consider including these items on your checklist:
- Employee logs out of all accounts on company hardware, which is then checked by and left with a member of the IT department or HR
- Employee logs out of all company accounts on personal devices in the presence of offboarding staff
- Employee shreds any non-vital company documents or hands over vital documents before offboarding meeting
- Offboarding staff member turns off access to email, password manager, and company accounts during the offboarding meeting