In recognition of Safer Internet Day 2021, we wanted to highlight some of our top tips for how people and businesses can optimise and strengthen their online security.
The past twelve months have demonstrated the importance of having a robust and secure IT system in place as more and more people are working (and learning!) from home. By following some of these simple steps, you’re ensuring that your data is secure, and mitigating the risk of potential online security breaches. It only takes one person within an organisation to cause a security breach that could damage you both financially and reputationally.
Your password is the ultimate protection for your personal data when working online. Password re-use can cause significant issues for many companies and individuals, leaving you vulnerable to potential hackers.
The NCSC has researched the most commonly used passwords and has even released a file of the 100,000 most frequently used passwords (spoiler: if you use any of the passwords in this list, we would recommend you change them immediately!).
Some of our favourites include…
There are some really easy-to-use tools that will support you with keeping your passwords safe. We’d recommend downloading the free tool, LastPass, where you can store all your passwords in “The Vault”, and only need to remember your master password to access these. You can also choose to share redacted passwords with trusted people within your organisation.
For Microsoft users, Azure AD Password Protection is also a really helpful tool that will allow you to eliminate easily guessed passwords, significantly reducing the risk of having your accounts hacked.
Two-factor authentication is another simple way of keeping access to your various online accounts safe. This method adds an additional security layer to the login process, making it harder for hackers to access an individual’s accounts.
There are a few different authentication factors that can add this additional layer of security, including:
- Secondary device factor: sometimes known as a possession factor, users will be asked to verify their attempt on another known, trusted device
- Knowledge factor: this is something the user ‘knows’ such as a password or shared secret (common examples include mother’s maiden name or name of first pet)
- Inherence factor: more commonly known as a biometric factor, this would be something that can only be gained through the user’s physical self, such as a fingerprint or facial or vocal recognition
- Location factor: simply put, this is implemented by tracking the geographic source of a login attempt and blocking those that don’t sit within pre-determined geographical parameters.
Education and awareness
From both a business and personal perspective, it’s really important to recognise what potential phishing scams and cyberattacks might look like. In a remote-working environment, this remains more important than ever.
There are some simple measures to put in place to help arm your staff against cyberattacks, including regular education around what a potential phishing scam might look like, and the appropriate process for escalating this.
The National Cyber Security Centre is a brilliant resource for businesses to help ensure they are operating safely online. Their “Stay Safe Online: Tips for Staff” training modules are a great, free place to start.
Standardise your IT infrastructure
For businesses working remotely at the moment, and with a business landscape that looks set to adopt a hybrid working offering more widely, standardising your IT infrastructure could be pivotal.
By having a simpler network with fewer moving parts, you can ensure that everyone has the same cyber protections in place. Security updates can be applied holistically, allowing for improved consistency which will ultimately minimise business disruption and allow issues to be resolved quickly.
Above all, you’ll operate in a more secure IT environment. You won’t need to monitor multiple services and troubleshoot them on a case-by-case basis. Instead, your processes will be slicker, and any suspicious activity will be identified and dealt with more efficiently.
Remember – internet safety shouldn’t just be thought about on one day, it’s something that businesses take seriously every day, 24 hours a day.
If you’d like to speak to our team about implementing some of these steps to help boost the IT security of your business, we’d be more than happy to support.
📞 01244 952 500