Here’s a hard truth: the only secure computer is the one that’s turned off and unplugged. For the next-best thing to an offline computer, a managed services provider can help you develop a technology strategy that balances security and efficiency.
While there’s no such thing as 100% security, you can manage the threats to your network – but you have to know what those threats are. Once you have knowledge of the risks, you can make intelligent, informed decisions about your company tech policies.
There are many options, ranging from doing nothing to spending a lot of money and energy mitigating risk. Large corporations spend a significant amount, but SMBs can manage risk effectively too.
Here’s the rub. You need your employees to be productive, and you need their buy-in to utilize the tools and processes you have put in place. It’s all about the balance between safety and access … and that is a tough tightrope to walk on your own.
itSynergy’s founder, Michael Cocanower, recently gave a presentation recommending practical steps businesses can take to better manage risk and make sure all their users are protected. His findings are summarized in this blog.
The Great Password Debate
For years cybersecurity experts have recommended that users change their passwords semi-frequently. It’s an accepted network security practice for many organizations. They require their employees to change their passwords at a regular interval, such as every 90 days.
Now tech professionals are debating the wisdom of this practice. What’s the reason for this new skepticism?
Predictability Compromises Information Security
Changing a password means meeting frustrating requirements. Many companies require their employees to come up with passwords that are 12 characters long and contain special characters.
Repeatedly changing a password to meet multiple requirements can be irritating and time-consuming. So, users will look for shortcuts. That shortcut often becomes a pattern, as people tend to be predictable.
For example, if the original password is “SunsFan1” and the user is required to change their password every 60 days, it’s likely that they’ll change it to something along the lines of “SunsFan2” or “SunsFan3,” etc.
Cybercriminals who gain access to one password can pick up on this trend. So even if the user changes their password, their account isn’t protected. Continued access to a user’s account on the company network gives the cybercriminal more time to cause serious damage. This trend is what has led some cybersecurity experts to recommend that users refrain from changing passwords.
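The pattern described above can be caught at password-change time, when the user supplies both the current and the new password. The following is an added example, not part of the original post; the function names, the substitution table and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed table of common character substitutions, folded back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def base_word(password):
    """Reduce a password to the 'word' a user tends to keep between changes."""
    # Drop counters, years and symbols tacked onto either end ("SunsFan1" -> "SunsFan").
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    # Fall back to the whole string if nothing but digits/symbols was present.
    core = core or password
    return core.casefold().translate(LEET)


def rotation_issue(current, new, threshold=0.8):
    """Return a reason string if `new` is a predictable variant of `current`,
    or None if the change looks like a genuinely different password."""
    if current == new:
        return "unchanged"
    old_base, new_base = base_word(current), base_word(new)
    if old_base == new_base:
        return "same-base"      # only the counter, case or substitutions changed
    if SequenceMatcher(None, old_base, new_base).ratio() >= threshold:
        return "similar"        # one or two letters added, removed or swapped
    return None


if __name__ == "__main__":
    # Constructed sample inputs based on the article's "SunsFan1" example.
    for candidate in ("SunsFan2", "sunsfan!2024", "Sun5Fan3",
                      "SunsFans1", "correct-horse-battery-staple"):
        print(f"{candidate!r}: {rotation_issue('SunsFan1', candidate)}")
```

The comparison needs only the two plaintext values already present in a change-password request, so nothing beyond the usual password hash has to be stored.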
The Flaw in Never Changing Passwords
However, is the solution to this problem telling users to never change their password? Our team at itSynergy doesn’t think so. There’s a flaw in the logic of always sticking to the same password, and it’s a big one.
When a password is compromised in a data breach, the party who was responsible for the security of the password – whether that’s a major site like LinkedIn or a smaller local site – needs to alert the user.
But what happens if that big corporation or small organization doesn’t know that there was a breach? What happens if the user continues to use the compromised password for other accounts, including the company network?
If users change their passwords at regular intervals, the chance that a password exposed in a breach can still be used to hack into the company network decreases.
Education Can Create Secure IT
We believe that with the right education, employees can avoid the problems associated with creating new passwords. A good technology strategy will include password training. Never changing passwords could leave your company vulnerable if a password is compromised. Changing passwords by simply altering one number or letter doesn’t protect you.
The team at itSynergy can help educate your users on how to use tools like LastPass to keep track of complex, secure and changing passwords. With the right training, employees can help maintain a high level of network security.
The Importance of MFA for Network Security
Protection goes beyond password security. Two-factor and multifactor authentication (MFA) are both important security protocols that all companies should require their employees to set up and use. The additional step of entering a code sent to your phone while logging in can add an extra 15 seconds to the process. That step adds a bit of friction, but doesn’t take a significant amount of time.
Requiring all employees to use MFA is the responsible decision to make when it comes to risk management. The payoff of implementing MFA is well worth the extra seconds. When leaders search for new processes to increase security without impacting productivity, MFA should be at the top of the list.
Watch our latest webinar about MFA.
How a Managed Services Provider Can Help With Access
Access to your network is a key consideration. When you outsource IT, your managed services provider can help you set up strong access protocols. Who accesses your WiFi, what private customer information you can share and what third-party vendors can access are 3 key considerations.
An important step to protect your network security is to create a guest WiFi network for your office. You can also make your network safer by changing the router password from the default, hiding your router’s SSID and regularly updating the firmware on your wireless devices. Hiding an SSID disables the wireless router’s SSID broadcast feature. Disabling the SSID broadcast stops the router from sending out the wireless network’s name, so it does not appear in users’ lists of available networks. There are several other steps your company can take to protect your WiFi network, and a managed services provider like itSynergy can help you implement them.
Your customers and clients often share sensitive data with you. While some information can be shared, every customer should know that they can opt out of having their nonpublic personal information shared. Your company should clearly communicate this information. itSynergy can help you develop privacy notices that accurately reflect actual policies and procedures.
Third-Party Vendor Access
When it comes to third parties who have access to your customer information, it’s important that your policies and procedures are clear. Managing contracts, continuity requirements and vendors’ handling of information is critical. It’s also important to require vendors to periodically provide logs of their activity on your company’s network. A managed services provider can help you hold vendors accountable for how they handle your customer information.
itSynergy Balances Ease of Use With Security Strategy
There is no silver bullet when it comes to cybersecurity, but with the right managed services provider, you can effectively manage risks while staying productive. Michael Cocanower, founder of itSynergy, has extensive knowledge of potential risks from his experience as a Certified Ethical Hacker. Our team can help you find the IT solutions that work the best for your business. Contact us today and we’ll help you develop a secure IT strategy while keeping your data protected.