Cybersecurity 101: don’t share your login details
If you want to protect your business from hackers, don’t do what MP Nadine Dorries does and give everyone in your office access to your login details. That’s the first rule of cybersecurity… don’t share your passwords!
As part of the row over who might have had access to Damian Green’s computer, Nadine Dorries tweeted that, ‘My staff log onto my computer on my desk with my login every day. Including interns on exchange programmes …’
Apparently oblivious to the horrified reactions of other Twitter users, she said, ‘All my staff have my login details. A frequent shout when I manage to sit at my desk myself is, “what is the password?”’
This is seriously bad IT security practice. Whatever she may say about not having access to sensitive documents, she is making the whole government system vulnerable to cybercrime, as well as opening herself up to exploitation by cybercriminals.
We don’t know exactly how the House of Commons networks are configured, but with her tenuous grasp of the basics of cybersecurity, clearly neither does Nadine Dorries. It may be extraordinarily easy for hackers to target her email account and, through it, gain access to any other part of the system. Just as a disgruntled intern could impersonate her on email, though her own email account, and apparently send out any number of inappropriate communications.
We cannot stress it enough:
- Never, ever, share passwords or other login details with anyone
- Make sure all members of staff have separate network logins
- Beware of setting up shared email accounts with easy-to-remember passwords, even for offices that have a lot of email traffic, such as customer services
- Delete email addresses immediately for people who have left the business, including temps and interns
- Delete all old VPN or virtual workstation connections – these connections are an easy way into the system for hackers, especially if the passwords are weak
- Use extra strong passwords. The latest advice is to use three words that mean something to you but that are not connected in any obvious way – plus numbers or special characters for extra strength.
- Learn how to identify potential phishing scams and upskill your team in identifying potential scams. This will help you to avoid potential breaches to your IT security,
Cybersecurity Tips for Businesses
So that you don’t fall foul to cybercrime like what might happen to Nadine here, one day, here are some cybersecurity tips to consider:
Use end-point encryption
Endpoint encryption protects the operating system from the installation of “Evil Maid” attacks that can install malicious files on your hardware and other endpoints, preventing unauthorised users from accessing the data.
Create and IT strategy that plans for end-to-end cybersecurity protection and cybersecurity training for your team. Implement an IT security team through your IT company that can implement the cybersecurity strategy. This will include regular IT security audits, detection practices and critical disaster protocols.
Implement fake-phishing scams and monitor successful attacks and then upskill your staff on identifying and reporting potential threats to the company and IT security through these attacks. Additionally, ensure that your stuff understand the importance of key cybersecurity breaches, like passwords, which are the main cause of IT security breaches. Here’s some advice on password security.
Add in security software – there is a tonne of these that all have different capabilities. The most important aspect is security for your weakest areas. Ensure that you’re strengthening from the bottom up, bolstering cybersecurity in your most vulnerable and likely accessed areas with cybersecurity software.
Monitor Your Network
Bottlenecks in your IT network can be caused by single devices overusing resources. This might be the result of malware installed onto the device or the device has been lost and is being used by someone who found it. Therefore, regular auditing your network performance and optimising accordingly can be the difference in such cases.
Using a Cybersecurity Company
At Firstline IT we now run staff cybersecurity training course to help employees understand the risk of cyber-crime and guard against attacks.
Firstline IT is an IT services company based in Oxfordshire, providing a range of IT services to small and large businesses in Oxford and across the UK.