Passwords are the first line of defense for the protection of sensitive data. We use them everywhere, from our online accounts to our mobile phones and more. A robust, clearly defined password policy in a corporate environment is a useful tool – not just for the team looking for threats from the outside, but also the insider risk management team as well. According to studies, the vast majority of data breaches result from stolen or weak passwords. By preaching the importance of good password habits and enforcing your standards, you help protect your organization and its sensitive information. Here are some of the best practices to follow as you articulate or refine your password policy.
For managing access to an organization network, two-factor authentication has become the de facto standard in addition to the typical user ID/password setup. There are several ways to implement two-factor authentication. The most common type is to send a code to the users’ mobile phone or a randomized code generator application. However, we’re also seeing organizations utilize biometric data such as fingerprinting or facial recognition software to further secure their networks as part of a two-factor authentication system.
Changing Passwords When an Employee Leaves
You likely have several protocols established when an employee leaves your organization, but password management should be near the top of your priority list. Unfortunately, it is all too common for disgruntled former employees to become an organization’s worst nightmare. Prevent this from happening to you by making it common practice to change passwords as soon as an employee leaves the organization.
Protecting Privileged Accounts
For users with increased access privileges, security is crucial and often requires special protective measures. Tools such as access management software to monitor who accesses to your network as well as user activity monitoring to understand their access behaviors are required first steps. Managing credentials for privileged users is essential and should be changed at regular intervals to maintain security. As an additional security measure, these credentials should never be directly visible to or known by the end-user.
Contact ITMG to Assess Your Current Capabilities and Develop Strategies and Protocols Designed to Help Your Company Mitigate Your Insider Risk
ITMG is an industry leader in helping organizations throughout the United States strengthen their insider risk management programs and secure sensitive data and intellectual property. Our team of bona fide experts has the real-world experience necessary to plan out and create holistic security solutions tailored to the special needs and risks in your industry. Contact ITMG today to learn more about how we can help! You can also visit our Facebook, Twitter, and LinkedIn pages for more updates and insights into the world of insider risk management.