IT Consulting Advice: Improve Employee Credential Handling
What’s the number 1 rule of Credential Handling? Say it with us: Don’t re-use the same password across multiple web services!
Unfortunately, employees frequently break this rule of IT Consulting, across both personal and professional IT support practices. This, combined with the fact that often employees use their work email as their web service usernames, is a cyber attack waiting to happen. Attackers can recover the username and password for your systems from websites your employees use.
What is a business owner to do about employees using their work email and predictable passwords for an outside service, like Facebook or Netflix, and exposing your company to potential data breach risks?
Employee Training on Credential Handling
Simply becoming aware that a data breach can occur because of password reuse encourages employees to correct bad credential habits. Training can teach them simple actionable practices, such as only using work passwords for work, and home passwords for home. These resources can also provide valuable insight on how to construct secure passwords. For example, having a longer password is a lot more important than complexity. Simple IT strategies like this can make a huge impact on protecting your business.
Multi-Factor Authentication
Logging into your systems from the internet, especially your email service and your VPN, should require a second factor of authentication from another device, such as the user’s smartphone or a key fob that generates a code. If you aren’t using or have not enabled multi-factor authentication, you should talk to your IT service company as soon as possible. This is one of the most important and easily actionable ways to protect your data.
Use a Password Manager
Password managers like LastPass, 1Password, and KeyPass work as “credential vaults” that are encrypted and secured by your computer’s login password. Once you’re on your computer, these services insert themselves directly into the password field of the web page or program you’re using and offer to input a complex, randomized, long password that you don’t need to memorize. They can generate random passwords far better than a human can. IT consulting firms recommend that you use them for both work and home use.
How IT Consulting From Connetic Can Help
At Connetic, our fixed-price, unlimited IT support services model keeps us constantly searching for ways to keep our customers safe. Safe practices reduce the amount of incident response we have to perform—which we don’t get paid extra for. That’s why we put these solutions in front of all of our clients and implement them at no additional cost. We’re the IT consultant that you can count on 24/7.
Connetic’s IT consulting services team has the unique training, knowledge, and expertise necessary to ameliorate risks by implementing comprehensive security audit practices, security framework compliance, and the comprehensive implementation of cybersecurity solutions. Contact Connetic’s IT services team to set up a security audit today or to learn more about how you can benefit from Connetic’s extensive experience and exceptional managed IT services.
