Jarrett Kolthoff | December 10th, 2018

Business Journal Ask the Expert Column – 2018

We’re going to focus today’s Ask The Expert on a single question I received in my inbox this morning. The question is a reminder for everyone that cybersecurity is the responsibility of every person within his/her respective organization.

Q: Our company just made a sizeable upgrade in cybersecurity following a near breach. What can everyone do to help improve cybersecurity?

Cybersecurity needs to begin at the desktop level. Your online behaviors can make you a security risk to your company. So here are some basics you can practice to help thwart your adversary who’s determined to breach your defenses, ransack your company’s data and take your company’s assets.

The Problem With Passwords And Cybersecurity.

Most people have around 100 online accounts, with many of those accounts sharing nearly identical passwords. A hacker can use the dark web to find these compromised credentials, which are sold for pennies. By collecting these passwords and gaining more and more access, hackers eventually find their way into company websites.

Steps To Take Immediately To Improve Cybersecurity.

1. Never Share Key Account Passwords. Many organizations still share key passwords to accounts with critical data among multiple people inside the organization. When an employee leaves the organization, or someone who uses the password experiences a compromise, the entire organization becomes vulnerable. At that moment, anyone outside the organization with the password can log in to the account without your security system blocking entry, sounding an alarm, or registering an anomaly. A good way to eliminate this problem is to require unique credentials for entry into systems containing critical data and to use log monitoring within the environment to detect a compromised password quickly. Also, be sure to enhance your password policies. Regularly changing passwords can lead to weak logins that are easily hacked. For key account entry, require users to have unique passwords, not repeated or used elsewhere, that are 15-25 characters long. Use phrases and strings of words for best results. Then add multifactor authentication.

2. Create A Protocol For Critical Information. Most companies have no structure or classification for their most important information. This lack of organization provides an open door if you’re breached. It’s essential to separate critical information, intellectual property (IP), and trade secrets from your day-to-day data. Prioritize all of your information by grade or classification, so you can quickly identify what’s most important.

3. Use A Secure Cloud Infrastructure For Critical Information. If your most important information isn’t in a secured environment (with multiple secure off-site backups and multifactor authentication), start taking steps to move it there immediately. If your information isn’t in a secure infrastructure, even low-level threats can access it easily. Guard critical information carefully. Make sure employees and vendors with access don’t leave critical information in easy-to-breach locations such as desktop systems, laptops, mobile phones, portable drives and more. And never store critical information within a stored e-mail. Always treat critical information with importance.