Cybersecurity best practices
Set yourself up for success
As the situation with COVID-19 progresses, more businesses continue to transition to working remotely and use electronic systems to communicate, exchange data/information and conduct business. The practices outlined in this article are meant to provide simple, actionable suggestions to businesses on software selection, passwords, sending confidential information and further internal controls. Note that the information contained in this article is provided for information purposes only.
Password security best practices
Longer passwords are better passwords: use at least 16 characters. The more characters a password-cracking program has to crunch, the harder the password is to guess.
Mix letters and non-letters in your passwords (non-letters include numbers and all punctuation characters on the keyboard).
Avoid choosing a password that spells a word.
Add random capitalization to your passwords.
Use a random mix of alphabetical, numeric and symbolic characters.
Change your password at least once a year. Ideally, change your password every few months to shrink your exposure window.
Do not use the same password on multiple accounts. When one site is compromised, hackers try to use those passwords to access accounts on other sites. Do not let one break-in give hackers access to all your accounts.
Source: MIT Information Systems and Technology website
We suggest using passwordsgenerator.net to create passwords.
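The rules above can also be applied locally. The following Python sketch is an added example, not code from this article, MIT or passwordsgenerator.net: it generates a password with the operating system's secure random source and checks a password against the list above. The function names and the small word list are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 16  # minimum length given in the list above
# Constructed sample word list; a real check would use a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "summer", "company"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def check_password(password, passwords_in_use=()):
    """Return the rules from the list above that `password` breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    has_letter = any(c.isalpha() for c in password)
    has_non_letter = any(not c.isalpha() for c in password)
    if not (has_letter and has_non_letter):
        problems.append("does not mix letters and non-letters")
    if password.islower() or password.isupper():
        problems.append("no mixed capitalization")
    if any(word in password.lower() for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    if password in passwords_in_use:
        problems.append("already used on another account")
    return problems


def generate_password(length=MIN_LENGTH):
    """Return a random password drawn from the OS CSPRNG via `secrets`."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw rather than patch characters in, so accepted passwords
        # stay uniformly random among those that satisfy the rules.
        has_all = all(any(c in cls for c in candidate) for cls in CLASSES)
        if has_all and not check_password(candidate):
            return candidate


if __name__ == "__main__":
    new_password = generate_password()
    print(new_password, check_password(new_password))
    print(check_password("Summer2020", passwords_in_use={"Summer2020"}))
```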
Verifyle
Verifyle is a secure communication platform that uses a system with a combination of six different encryption keys to access or share information. It is free to use for up to three “workspaces” and $9/month for 1,000 workspaces. This is one of the most secure storage technologies on the market.
A lot of cloud-based storage services use master keys to encrypt information in bulk, whereas Verifyle uses Cellucrypt technology to automatically encrypt every single document, message thread and note individually.
Verifyle can be used as a master storage location for passwords and secure communication with employees.
Source: verifyle.com
Public wifi and VPNs
Never enter passwords, access sensitive websites or enter payment data over a public network (e.g. airport, cafe, etc.) or semi-public network (co-working spaces, universities, etc.), as traffic on these networks is vulnerable to monitoring by malicious actors.
Use a virtual private network (“VPN”) such as nordvpn.com to secure data when working on public networks.
Sharing passwords with employees
In general, passwords should not be shared with employees. Employees should have their own individual accounts and NOT use a master account for any business activities.
Share the password that you designate for employees via Verifyle. Employees should NOT save passwords to browsers or write them down in an electronic text file or elsewhere.
Any sharing of information via Verifyle and any passwords entered should only be done over a secure network or cellular connection.
Never share or enter passwords over public or semi-public networks.
Suggested procedural systems
Use two-factor authentication for ALL sign-in activities. That is, set up your accounts so you have to enter the password AND verify your identity in another way (e.g. via a code texted to your phone).
Change your passwords to secure passwords. Change every password at least quarterly.
Only share passwords individually, in separate, designated Verifyle workspaces, as needed.
Install anti-malware software such as Bitdefender onto company equipment.
Use cloud-based enterprise systems such as G Suite for storage, email management and collaboration. Box is also a suitable provider for storage with solid functionality.
Thank you for reading. If you have further questions on cybersecurity or IT best practices, configuration, setup or other questions, please feel free to schedule a call with us.