team has limited or no visibility into the applications and
tools employees are using. Many employees will be deploying
remote collaboration tools independently of their organisation’s
IT departments, and these are not subject to the same due
diligence and testing that would normally be undertaken. This
means security, data sovereignty, compliance and retention are
all outside of the organisation’s control.
“Once we all get back to working ‘normally’ in offices again,
many of these collaboration applications will be forgotten
and this poses new security problems. Many of these apps
will not be updated again and will therefore be vulnerable
for exploitation by hackers. On top of this, login credentials
– which will likely include easy-to-guess passwords anyway –
may get compromised and be utilised for other attacks, such
as phishing.
“Three tips for your staff are: not to reuse passwords; have
complex passwords and enable multi-factor authentication
whenever available. Beyond this, ensuring employees
are still getting the basics right while working remotely is
key. Password managers, for example, can limit the risk
associated with dormant applications, so even if ‘shadow IT’
collaboration tools are being used and left, the credentials
remain up-to-date.”
When passwords alone are not enough
For individuals seeking to protect their personal information
and secure their online accounts, a strong password is a
critical first line of defence. “But, if you are a commercial, nonprofit
or government organisation, a password, regardless of
how unique or how often it is updated, will barely scratch the IT
security surface,” said Mihir Shah, CEO, Nexsan, a StorCentric
company. “The only true protection for an organisation’s
high-value data is to aggressively lock it down using a
hardened storage solution that has been engineered with the
understanding that attempts at corruption or deletion can come
from anyone, anywhere and at any time. The solution must
be capable of recognising and rejecting every such attempt,
regardless of whether it’s from a virus, ransomware, spyware,
user mistakes, software error or a new threat that hasn’t even
been discovered yet.”
With developments in the situation around COVID-19 occurring
daily, it is important for businesses – and their employees –
to think about what steps they can take to best protect their
important data and avoid any security crises that would make
an already turbulent landscape worse. Utilising passwords is
one way of doing this, but they are a tool that must be treated
with respect and vigilance.
Issue 28 | www.intelligentciso.com