One of the questions that we frequently receive is: there are so many things that we need to do to become more secure, but where do we get started?
Well, everyone in the industry agrees that there are two things that are the most impactful that you can do in order to get started with stronger cybersecurity. And those involve stronger passwords and multifactor authentication. So let’s just take a second to talk about both of those.
So stronger passwords.
What makes a password strong? We used to think about a strong password as being a character— uppercase, lowercase, special characters, numbers included. And there’s nothing wrong with that except it’s too short.
Current standards are at least 12 characters. 16 is better. 24 is better yet, and pretty soon, we’re gonna be seeing 32-character passwords as being the recommended requirement.
Now obviously, it is impossible to have every single sign-on that you have be a unique password, and all of them be in that 12-24 character range.
So how do you deal with that? Well, the only solution is a password vault.
And so, with all of our program members, we use a company password vault so that the company has control and also has really good reporting on the passwords that people are using, including which passwords are being reused and which passwords have already been exposed on the dark web.
So that covers number one, and that’s passwords.
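The kind of reporting described above, as an added example that is not from the original post or from any vault product: it audits a constructed vault export for passwords under the 12-character floor, for reuse across entries, and for matches against a constructed set of exposed-password digests. The entry layout and the `audit` and `flagged` names are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

MIN_LENGTH = 12  # the "at least 12 characters" floor stated above

# Constructed sample vault export: (user, site, password). Not real credentials.
VAULT = [
    ("alice", "mail.example", "Summer2024!"),
    ("alice", "crm.example", "correct-horse-battery-staple-42"),
    ("bob", "mail.example", "correct-horse-battery-staple-42"),
    ("bob", "bank.example", "P@ssw0rd12345678"),
    ("carol", "hr.example", "vK9#mQ2$xL7@pR4&wN8!"),
]

def sha1(pw):
    # Digest used only as a lookup key for matching, never for storing passwords.
    return hashlib.sha1(pw.encode("utf-8")).hexdigest()

# Constructed stand-in for an exposed-password list, held as digests so the
# audit does not need a plaintext copy of breached passwords.
EXPOSED = {sha1("P@ssw0rd12345678"), sha1("Summer2024!")}

def audit(vault, exposed=EXPOSED, min_length=MIN_LENGTH):
    """Return one finding per entry with too_short, reused and exposed flags."""
    holders = defaultdict(list)
    for user, site, pw in vault:
        holders[sha1(pw)].append((user, site))
    report = []
    for user, site, pw in vault:
        digest = sha1(pw)
        report.append({
            "user": user,
            "site": site,
            "length": len(pw),
            "too_short": len(pw) < min_length,
            "reused": len(holders[digest]) > 1,  # same password on 2+ entries
            "exposed": digest in exposed,
        })
    return report

def flagged(report):
    """Entries that need a password change for at least one reason."""
    return [r for r in report if r["too_short"] or r["reused"] or r["exposed"]]

if __name__ == "__main__":
    for row in flagged(audit(VAULT)):
        reasons = [k for k in ("too_short", "reused", "exposed") if row[k]]
        print(f'{row["user"]}@{row["site"]}: {", ".join(reasons)}')
```

Note that a 16-character password still gets flagged here when it appears in the exposed set, which is why length alone is not enough.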
Number two is multifactor authentication.
Multifactor authentication is simply something you know and something that you have.
So in most situations, that’s going to be a password plus your authentication app, normally on a cell phone. It gives you a code that you can enter alongside the password. What that prevents is somebody who has only been able to hack your password from getting in.
It’s not completely foolproof. There are tricks that people use to try to clone phones and to trick people into giving up the multifactor code, but it is far superior to relying on a password alone. The two go hand in hand, because without strong passwords, multifactor authentication is really just single-factor authentication if your password is weak or being reused over and over again.
So the two most important things that you can do with your company to begin the journey of being more secure are stronger passwords with the password vault, and multifactor authentication on every cloud-based service and on any computer that has administrative rights.
In other words, if you have the ability to install software onto the computer, it needs to have multifactor authentication on it as well.
If you’re looking for more guidance and assistance with the first steps to cybersecurity, reach out today to get started.