Credential Security
To help you strengthen your credential security, we encourage you to take the following precautions:
- Review access to your technology tools. It is often an afterthought, but as users leave or changes take place in your organization, you may need to adjust permissions accordingly. It is best practice to grant access to tools that an individual currently needs access to. Any employees who have left, or no longer need that access, should not still have access. Diligently revoking unnecessary access helps mitigate the risk of attackers using these inactive accounts to enter your customers’ environments.
- Enforce strong password policy. This goes beyond having strong passwords themselves. It also means instituting a frequent change policy and requiring different passwords for different customer sites. The password change policy needs to be enforced throughout your organization and for your entire portfolio of tools.
- Two-factor Authentication. Two-factor Authentication in software has become a must-do in today’s cyberthreat landscape. If there is a two-factor authentication feature within software you use, ensure that both you and your users are taking advantage of it and do not have it turned off. If the software you are using does not have two-factor authentication capabilities, you can consider leveraging single sign-on tools to strengthen your password security efforts.
- Store passwords securely. Using complicated passwords has its disadvantages because they are hard to remember. Many users may start storing these passwords in commonly used applications that are unfortunately unsecure, such as Notes or Notepad. This makes the information easy for cybercriminals to steal. Employ the use of a password manager for your users to use to securely store their passwords.
- Review user roles. Like the first best practice mentioned above, as your IT provider to work with you to review the roles assigned to employees at their businesses. Part of reviewing roles means looking at permissions associated with different roles. This should be done regularly by someone who understands both the business and the personnel, to ensure each user is not given more permissions than they need to do their job.
Security is of utmost importance at every business, including here at HubWise Technology. We review our security settings diligently for all of our technologies to ensure we are complying with security best practices and don’t put our business or our partners’ businesses at risk.