Cyber attacks targeting businesses increased by 255% in 2020. In general, business security breaches come from employees rather than from applications and networks, which are often well protected.
In fact, according to IBM’s Security Intelligence Index, 90% of cybersecurity incidents are related to human error. Clicking on a phishing link, visiting a suspicious website, activating a virus… the causes are numerous.
You will have understood, to protect your company’s data, you must secure your employees’ uses.
1. Force strong and secure passwords
According to Verizon’s 2017 Data Breach Investigation Report, 81% of hackers exploit weak or easily guessed passwords.
Currently, internet users have to create accounts for anything and everything. This makes it easy for your employees to fall into the trap of choosing passwords.
Often if the company does not define rules, they opt for very common terms: qwerty123, 12345, milou92, Marketing01, starwars.
The only solution? Impose, via a dedicated tool, the creation of strong and secure passwords including a minimum of characters, numbers, special characters, capital letters and a certain level of complexity.
2. Use a password manager
42% of professionals display their passwords on a post-it note stuck to the computer screen. Others write down their access codes in notebooks or even store them in their browser. Practices that pose a threat to your company’s data.
To help users create and remember their access, opt for a password manager, such as LockPass. In addition to helping generate strong, secure passwords, it offers an autocomplete feature that makes browsing (and remembering) easier with browser extensions. You can also set one or more password policies to impose a minimum level of complexity on the passwords created.
3. Securing credential sharing
43% of Internet users have shared a password with another person.
These shares are done via unsecured means, such as emails, chat applications, SMS or even excel files circulating in clear between teams.
Even if the sharing of identifiers represents a proven risk in terms of security, this practice meets real needs within your company.
Still using a password manager, you can manage login sharing at the organizational level. With a tool like LockPass – the only centralized password manager that uses encryption mechanisms certified by the ANSSI. you can set up an access management system based on your corporate directory, also called an active directory.
This is a secure practice that guarantees automatic access to all employees in a group. The data is synchronized in real time. So if an employee changes the password, the whole team instantly has the new one.
Passwords are traceable. You have access history for each login, as well as the ability to analyze access to shared passwords. Perfect to detect a potential breach or fraud.
4. Securing data sharing
Within companies, we often see “Shadow IT” practices. Employees use WeTransfer, Dropbox or other unsecured document sharing sites. This puts your data at risk!
The first best practice to impose on your employees? Send documents only via software that encrypts the data! Make sure that the chosen solution includes :
- ANSSI certified encryption.
- Encryption of email attachments from Outlook and Office365 email clients (thanks to plugins).
- The ability to configure sendings, including expiration date and download limit.
- A file tracker to check download information.
Valuable features that you can test in the LockTransfer solution of the Lockself suite, in particular.
5. Disable ActiveX and JavaScript components
Although ActiveX and JavaScript promote a user-friendly browsing experience on sites, they can pose significant cybersecurity concerns.
For example, JavaScript can be used in the form of cross-site scripting (XSS). This allows hackers to embed malicious code into a legitimate website and then steal sensitive information about your business.
ActiveX components are commonly used by hackers to install malware and spyware from infected websites. Disable them by default, and most importantly, encourage your employees to only enable them if they deem the site trustworthy.
6. Limit the list of your employees on your website
To keep your employees from being too exposed, you should encourage anonymity on the web. This starts with your company’s website.
Don’t post a list of all your employees with their email addresses, phone numbers and other information that can be exploited by malicious internet users. Instead, provide their LinkedIn or Twitter profiles.
7. Inform, inform and inform again!
In your internal newsletter, during training sessions or internal meetings, regularly remind people of good cybersecurity practices:
- Make your employees aware of phishing: what is it? How can you protect yourself against it?
- Teach them to beware of attachments sent by strangers.
- Tell them to analyze each message (if there are spelling mistakes, the risk of phising is high).
- Inform them about new scams or attacks that are in vogue, so that they can be extra vigilant.
The more they are (un)trained on the subject, the less risk they will take for the security of your data.
Data security is one of the major concerns of companies. At the heart of this issue: your employees. In addition to raising their awareness on a regular basis, adopt a solution like LockSelf, which guarantees compliance with good cybersecurity practices.