Riaan Badenhorst, General Manager of Kaspersky in Africa, on the best-practice approach that businesses should take to password security.
Cybercriminals’ tactics have grown in sophistication at an alarming rate over the last few years. Threats are becoming more targeted and specific, with advanced threat actors being used to carry out damaging attacks. Our research shows that threats will only become more targeted and dangerous in 2020. No one business is immune to this reality and threat – especially as businesses and their employees continue to operate and conduct daily work operations in the digital landscape.
While the evolution of technology and all things digital has reshaped and revolutionised the way people work and conduct business today, the digital world brings with it risks that businesses need to be aware of and prepared for.
One such risk is that of a lack of sufficient password protection. Various types of technologies, devices and accounts are used to carry out work tasks and to communicate on a daily basis. Many of these aspects become people’s lifeline both in a personal and professional capacity – just think about email as an example. In fact, it is rare to find someone who doesn’t feel somewhat lost or unproductive if they don’t have access to their laptop, smartphone device or emails throughout the day.
As these devices and accounts become more entrenched in daily life, they continue to exchange and store an increasing amount of data – and often very valuable data, including business-critical and sensitive information. If these devices and/or accounts are not adequately protected and do not have strong passwords, they are at an increased risk of cybercriminal attacks, which, if they happen, could lead to devastating consequences for a business.
Password protection and password-based strategies must be a top priority for businesses driving forward a digital approach, and must form a core part of any strong cybersecurity policy.
The following practical steps to effective password protection within a business can be considered:
- Consider the role of human error – research shows that 80% of all cyber-incidents are caused by human error. Businesses need to onboard staff training around the realities of cyberthreats, how data can be at risk, how staff can go about protecting the organisation’s business data, and how to go about setting strong passwords as required for various devices and accounts.
- Security awareness training – in considering the above, minimising, or hopefully eliminating, the potential human error aspect of cybersecurity within an organisation requires the organisation to look at building a human firewall. This is achieved through the right security awareness and training solutions that go beyond basic training, to offer training that is easily digestible, practical, and importantly, memorable, to ensure that staff don’t become the means by which an attacker gains a foothold in the organisation.
- Security solutions investment – a solid data protection strategy in the digital world is made up of a strong suite of security solutions aimed at protecting business data across the full business and its employee base.
When considering how much data or information mobile devices and various digital-based accounts hold, it becomes evident that password protection is a critical consideration businesses must look into and educate staff around. Cybercriminals will look for any loophole they can find to infiltrate a business and cause serious damage – don’t make it easy for them with a lack of attention to password security.