Jobsity’s Second Security Tip: Passwords
We touched on the use of a VPN as a security measure in our latest blog post. To continue our series on security in the remote workplace, we would like to discuss the safe use of passwords. Here at Jobsity, we make sure all of our passwords are secure by using tools that help us manage information for our remote team.
The second tip for working remotely in a secure way is to protect passwords and to manage access for your remote team. Protecting information and having IT control is crucial for the safety of the company.
Employees should be restricted from accessing documents and servers outside of their department or the scope of their work. Using secure passwords and defining the areas that employees can access within the network is crucial.
As a team leader, it is important to give your IT team complete control over who has access to specific destinations. This management process allows the IT team to view which applications and/or documents are being accessed by whom.
SSO (Single Sign-On) can be used as a form of protection. It is an integral component of a remote IAM (Identity and Access Management) strategy. Implementing SSO for web apps and cloud services will help your IT team to track and control access remotely. This is important if, for any reason, the IT team has to change passwords or control the access of former employees.
We recommend using SSO with MFA (Multi-Factor Authentication) to ensure a secure remote environment. MFA is an additional identification process for the user, which can consist, for example, of receiving a temporary code through a company cell phone. Enabling two-step verification (part of an MFA strategy) will provide a secure log-in for anyone inside your remote team. This is a great way to keep your company information safe and to manage your team. The IT team will have better control of the system in order to avoid phishing attacks, data breaches, etc.
Most security breaches occur due to weak passwords. There are a couple of sites that help you manage your team’s cybersecurity. We recommend 1Password and LastPass; these tools provide secure passwords for log-ins and store them in “vaults.” They will not only tell you whether a password is strong enough, but also provide strong password suggestions for you. A team leader can manage these accounts by allowing departments to access separate groups of passwords according to their scope of work. For example, the financial department would only be able to access financial material using the passwords provided to them, which preserves the level of privacy these sorts of documents demand.
Another safety best practice is to create time-changing passwords for tools, apps, servers, etc. This is recommended for sensitive information that needs protection and requires strict maintenance.
To find out whether your passwords have been compromised, we recommend using this website: https://haveibeenpwned.com. This website is a part of 1Password; it lets users know whether they have had a breach or not. It is recommended to have your team do regular security checks through the use of this site.
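For teams that want to automate the check described above, here is an added example (not Jobsity's code) of the k-anonymity lookup used by the Pwned Passwords range endpoint of Have I Been Pwned, where only the first five characters of the password's SHA-1 hash are sent. The `fake_fetch` function and the breached-password counts are constructed stand-ins so the example runs offline; a real client would pass a function that requests `https://api.pwnedpasswords.com/range/<prefix>`.

```python
import hashlib

def sha1_split(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest: 5 + 35 chars."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}.

    Malformed lines are skipped, and so are zero-count entries, which the
    service can add as padding so response sizes do not leak information.
    """
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        if int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Return how often the password appears in breach data (0 if never).

    fetch_range(prefix) must return the response body for that prefix.
    The password and its full hash never leave this function.
    """
    prefix, suffix = sha1_split(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

# --- Constructed sample data: stands in for the remote service ---
CONSTRUCTED_BREACHED = {"password": 1000, "Summer2020!": 42}
SENT_PREFIXES = []  # records what a network observer would see

def fake_fetch(prefix):
    SENT_PREFIXES.append(prefix)
    lines = ["0" * 35 + ":0"]  # padding entry, must be ignored
    for pw, n in CONSTRUCTED_BREACHED.items():
        p, s = sha1_split(pw)
        if p == prefix:
            lines.append(f"{s}:{n}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("password", "Summer2020!", "t9#Lq7vR!2mZ-constructed"):
        n = breach_count(candidate, fake_fetch)
        print(f"{candidate!r}: {'seen %d times' % n if n else 'not found'}")
```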
Applications and infrastructure that are not managed by the IT department are considered Shadow IT. In your IAM strategy, make sure to include a plan for preventing shadow IT.
Shadow IT occurs when employees use their own apps, software, etc. instead of the ones provided by the company. It is hard to keep track of these apps and software in order to provide secure passwords for them. One way to control this is to add MFA and use password management across all devices so your team has a centralized location for credential storage. Ask employees what resources they prefer to use, so you can either include them in the IT team portfolio or provide a similar and more effective tool (that is included in the portfolio).
To conclude, setting up these security protocols and educating your employees is important for a secure workspace. These password-related security tips apply to every area of your organization, but your IT team leader must know how to control access and manage password protection for their team.
With the COVID-19 virus wreaking havoc on the economy and our usual work practices, these are bound to be trying times; let’s ensure that we secure our remote working spaces as best as we can. If you have any questions or have your own remote work security tips that you’d like to add, don’t hesitate to get in touch.