Cybersecurity Password Practices for Your Remote Employees
Media reports of an uptick in cybercrime have increased since the onset of COVID-19, which has also forced a huge increase in remote workers, many working on their own devices.
Can my staff compromise my organisation's security with password reuse?
You probably have a sign up in your kitchen reminding staff to wash their own dishes, but there's always one person who won't abide by your kitchen policy.
And this person is the most dangerous person in your business.
Your Password Policy instructs staff to use a unique or complex password.
But there's always one person (and it only takes one) who doesn't abide by your policy. Password reuse is one of the top reasons businesses suffer email and domain compromises.
It works like this:
- Your staff register on a legitimate website using their work email address and the same (or similar) password.
- This website suffers a security breach and user account information is stolen and sold on the dark web.
- Hackers use the credentials to log in to your systems, steal your data or use your email system to maliciously attack other staff members, clients and your other really important business contacts.
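From the defender's side, the chain above turns into a triage question: when a breach dump contains work addresses, which of those accounts still use the leaked password? The sketch below is an added example, not part of the original article; the domain `example.com`, the in-memory identity store, the PBKDF2 parameters and all sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

CORP_DOMAIN = "example.com"  # assumption: placeholder for your mail domain

def kdf(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever KDF your identity store really uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def build_store(accounts: dict) -> dict:
    """Constructed stand-in for an identity store: email -> (salt, hash)."""
    store = {}
    for email, password in accounts.items():
        salt = os.urandom(16)
        store[email.lower()] = (salt, kdf(password, salt))
    return store

RANK = {"exposed-email": 1, "reused-password": 2}

def triage(breach_records, store, domain=CORP_DOMAIN) -> dict:
    """Classify leaked (email, password) pairs that involve our domain."""
    findings = {}
    for email, leaked in breach_records:
        email = email.strip().lower()
        if not email.endswith("@" + domain):
            continue  # someone else's account, not ours to act on
        if email not in store:
            findings[email] = "unknown-account"  # ex-staff or typo: review
            continue
        salt, expected = store[email]
        # Exact-match test only; a "similar" password is not caught here.
        hit = hmac.compare_digest(kdf(leaked, salt), expected)
        status = "reused-password" if hit else "exposed-email"
        # Keep the most severe status if an address leaks more than once.
        if RANK[status] > RANK.get(findings.get(email), 0):
            findings[email] = status
    return findings

# Constructed sample data: no real accounts or breach records.
STAFF = {"alice@example.com": "Winter2020!", "bob@example.com": "k7#Vq2pX"}
BREACH = [("Alice@Example.com", "Winter2020!"), ("bob@example.com", "fishing1"),
          ("bob@example.com", "golf22"), ("carol@other.org", "pw"),
          ("dave@example.com", "hunter2")]

if __name__ == "__main__":
    for addr, status in sorted(triage(BREACH, build_store(STAFF)).items()):
        print(f"{addr}: {status}")
```

A `reused-password` finding calls for an immediate reset and session revocation; `exposed-email` means the work address was registered on the breached site with a different password, which is still a reason to confirm MFA is enforced on that account.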
We monitor the dark web for our clients and see compromised accounts appearing daily.
What can you do?
Multi-factor authentication (MFA) is the only safe option. It means a stolen password (which is one factor) is insufficient to log in to your systems. A second factor (usually a phone) is also required. MFA is available in Microsoft 365 for Microsoft products, or you can protect all of your systems with Okta or similar security software.
Monitoring the Dark Web for compromised accounts is also helpful, and can alert you to breaches of other accounts you have subscribed to.
If you want to know if your business email accounts are being traded on the Dark Web, we're happy to send you a free report from our Dark Web monitoring tool.
Speak to us if you need any advice on cybersecurity.