The holiday season can be a tricky time for businesses with people travelling, working remotely, purchasing gifts from their work computers and so on. One thing small businesses don’t always consider is ‘If everyone had to work from home today, would data security be compromised?’ Picture the scene: an employee is working remotely from a coffee shop sipping an eggnog latte, blissfully unaware of the risk it creates. While on public Wi-Fi, attackers can spy on users’ log-in credentials, website history and possibly even bank account details.
Add to this questionable home computer security settings, accounts being accessed from non-work devices and weak password habits, business data could be left wide open to being compromised by the time 2017 hits.
While staff may have the best intentions to remain productive, security is not often a priority. So what can business owners do to keep peace of mind over the festive season? These six tips will ensure the company can continue to operate without any data security hitches.
Update log-in credentials
Before everyone disperses across the country for the holidays, it’s worth checking the current state of all account login details. According to data from LastPass, 91 per cent of adults are aware that reusing passwords across different accounts is risky, yet 61 per cent continue to do so. This increases the chances of getting hacked, and therefore puts the whole business at risk. Of course, it’s never easy to think of and remember so many different combinations of characters and numbers, so the easiest thing to do is to use an enterprise password manager so that teams can create randomised sequences for each account.
Don’t fall foul of phishing scams
It’s not uncommon for some employees to spend more time online during the holiday season – whether it be for online shopping, giving to charities, or downloading holiday music. While this is not a security issue, per se, it may become an issue for businesses if an employee clicks on a rogue link. It could result in a malicious attack or spyware being added to the device. Business owners should make sure employees are aware of the risks online and consider issuing guidelines and training to raise awareness of the current threat landscape.
Don’t allow social media passwords to be the weakest link
We all know the benefits of social media for business: drive customer engagement and loyalty with existing customers, attract new customers, and increase brand awareness with influencers and among competitors. From a company social media standpoint, password security best practices are no different from those of an individual, although the stakes are higher when it goes wrong.
Data security is as strong as its weakest link, often this can be a single employee. Because password reuse is so prevalent, t’s important to know who has access to business social media accounts and on what devices. As we’ve seen with the LinkedIn data dump and Twitter breach earlier this year, social media accounts are prime targets for would-be hackers. Not updating passwords over time gives hackers a carte blanche to access other accounts using the same credentials.
Strengthen security questions
Many online accounts will ask users to set up security questions to add an extra layer of safety. However, they are typically bad for security and for many people, are the weak link in their overall online security system. If the business is already using a password manager to store and share credentials securely, try using the generated passwords feature for the security questions and save the answers in the ‘Notes’ section in the account. The note field ends up looking like this: first pet: ac4kpiou9ghtso!.
Encourage employees not to store passwords in browsers
While using browsers to locally store passwords may be convenient, it is insecure and leaves passwords vulnerable to hackers. That very convenience is what prevents this option from being as secure and robust as a password manager. Using a dedicated password manager takes it several steps further to help you manage your digital life. Encryption and decryption by a password manager happens locally, so zero-knowledge architecture ensures that the password manager isn’t shared, and the key to business data remains secure.
And finally, avoid laptop thefts
Thieves are particularly active over Christmas and on the lookout for easy wins. If you happen to lose your work laptop or device somewhere, consider investing in anti-theft protection software which will render the device useless should it get into the wrong hands.
Joe Siegrist is vice president and general manager at LastPass.
Further reading on data security
