What are some lesser-known cybersecurity best practices that can help individuals and businesses?
You already know to not share passwords. But what are some lesser-known cybersecurity best practices that individuals and businesses can implement to stay secure?
Before I mention the less-known examples, I think it’s important to highlight some “common sense” cybersecurity best practices. You’d be surprised how often these go ignored!
First off, there’s a common misconception that malicious hacks are the biggest threat to ordinary users and people. That’s just not true – according to Verizon, over 80% of breaches are caused by weak or stolen credentials.
The most basic suggestion I can give is to not reuse your password, and use complex passwords containing numbers, caps, and symbols. But as we know, that’s just not enough anymore. Another important tip is to enable MFA! I can’t stress this one enough. It’s the single most effective way to protect yourself.
Some lesser-known tips that businesses and individuals can adopt:
- Refrain from using SMS for one-time passwords: SIM swapping attacks are on the rise, and phishing increasingly targets SMS vulnerabilities. In 2016, the National Institute of Standards and Technology recommended that organizations no longer send one-time passwords to mobile phones, due to malicious actors continuing to exploit this weakness in SMS. Instead, consider other authentication methods such as security tokens, OATH-based authenticator apps, or push notifications, wherever possible.
- Physical IAM: Organizations should look for ways to integrate physical identity security with their systems and applications. Whether that’s requiring badges or fobs to get into physical offices, or giving remote workers FIDO2 authenticators like YubiKeys, social engineering increasingly exploits vulnerabilities in physical perimeters that can easily be mitigated.
- Automating HR Processes: HR tech is becoming more important for cybersecurity because it’s where a lot of access and security issues are initiated, especially during employee on- and off-boarding. Some companies have literally dozens of administrators overseeing logins and access permissions during onboarding.
According to an Intermedia Risk Report, 44% of millennial employees still have access to apps and systems from previous jobs. Based on our experience, it takes some companies up to a month to fully off-board former employees and shut down their access and accounts after they leave a company.
By automating on- and off-boarding, and locking down access quickly as an employee joins or leaves or even moves within an organization, you dramatically reduce the time when accounts (which are vulnerable to malicious actors) can be exploited.
This post originally appeared in a Quora Q&A session hosted in January 2020. Our CPO Archit Lohokare was asked to discuss the state of cybersecurity, Zero Trust, artificial technology and machine learning and working in the security field, among other things. Stay tuned as we share more of his answers in our blog!