The more inconvenient you can make it for would-be criminals to get your business and customer data, the less likely they are to try. Unless they are specifically targeting your business, there is almost always lower hanging fruit. Here’s how to tighten security with just a few simple changes:
Have two-step password recovery or logins.
If you’ve ever forgotten your password to an account through Google or ADP, you’ve been given an extra passcode for extra authorization. More and more companies are turning to adding a second, manual step to prevent mass password reset requests and to prevent typical bots from being able to complete the process. So add this extra step for when your customers need new passwords and when your employees log in.
Never give out forgotten passwords.
Several years ago, you would be sent your password if you forgot it. But companies and online services gradually started switching to password resets instead. This isn’t necessarily because it’s any easier on the hacker’s end to recover the password instead of resetting it. But the fundamental architecture of old password recovery systems was a spreadsheet. You’d enter your username as part of your password recovery request, the system would find that string of characters in the ‘username’ column, and then you’d receive an email with whatever was in the ‘password’ column. If hackers know how your information is organized, it’s that much easier to steal.
Use a physical key for administrative access.
A physical token is also an icon of early Internet security. Instead of two-step verification apps like Duo, people used to get remote network access through their computer login and by plugging in a token that provided a long string of randomized characters: one of the most secure passwords.
For truly crucial information and access portals, like your server administrator’s or CTO’s computer, use a token. They’ve become more and more secure, and the element of physical security makes it that much harder to break into.
For more security tools, go to AE Technology Group.