Mischief Night, the day before Halloween, is a celebration where revelers engage in harmless pranks; however, in the business world, your staff can create much more than harmless mischief if they are not properly trained or do not follow IT security procedures.
For example, most people do not intentionally give away their email passwords; however, they are often not properly trained to recognize a phishing email, or the organization doesn’t enforce multi-factor authentication because it’s not convenient. We recently learned of an organization that fell victim to a combination of a phishing campaign and a look-alike domain name and lost $660,000 as a result. Clearly, cyber criminals aren’t just looking to make mischief; the potential financial booty is tremendous. So, what do you do to avoid turning Mischief Night into Nightmare on Elm Street?
Train your employees on IT security! We cannot say it enough. Every organization needs to train its employees on an ongoing basis to ensure they understand the security policy and recognize potential risks. Encourage a “neighborhood watch” approach. If someone notices anything suspicious, such as not being able to log into an email account right away, have them notify your IT staff immediately.
IT Radix offers both online security awareness training and ongoing testing to ensure your team is actually learning and applying the training to real-world emails. We also have an email IT Security Tips series that we encourage you to share with your team. IT security training is not a one-and-done process. Every organization needs to constantly reinforce security and appropriate training.
Use strong passwords and secure any shared passwords. It goes without saying that everyone should create strong, complex passwords. Additionally, you should avoid reusing the same password string in multiple systems. The average person must keep track of 90-120 accounts and passwords. As a result, IT Radix now recommends the use of a password manager that not only tracks passwords but also audits and reports on who is using these passwords within an organization. We offer a business-class password management system to all our clients.
Enforce multi-factor authentication. Yes, it might take one more step to log in, but the increased security benefits far outweigh this minor inconvenience. Multi-factor authentication requires a basic password along with a second piece of information or an actual device (such as your smartphone) to log in to critical systems such as email, your accounting system or line-of-business application.
Through training and strong security practices, your organization can keep the fun in Mischief Night and the nightmares out of your business.
Contact IT Radix to get your employees on board with IT security!
First published in our October 2019 IT Radix Resource newsletter