Technology Record - Issue 28: Spring 2023

With continuous attempts to steal usernames and passwords, organisations need to ensure that their data is protected. Despite multiple warnings, there will always be a percentage of individuals who reuse passwords or create weak passwords for simplicity. If credentials created in this manner are compromised, the damage can spread and hackers may use the individual’s profile to access other systems.

However, businesses can protect themselves from potential security leaks by implementing multifactor authentication (MFA) to prevent password-based attacks through phishing scams and social engineering attempts. Instead of asking for only a username and password to verify a user’s identity, MFA requires additional verification information such as a one-time passcode, cryptographic token or fingerprint. This puts barriers in place to make data less accessible for cybercriminals.

Business leaders and their security teams must also establish and maintain effective communication channels with their teams so that when a security incident occurs or they spot suspicious activity, employees are able to report it to the correct individuals. To report effectively, employees need to be able to identify valid threats to reduce the number of ‘cry wolf’ scenarios, where security teams are called out for non-threatening incidents. Some of the questions leaders need to ask themselves are: “How quickly can my employees report incidents, if they report them at all?”, “To whom did they report the incident?” and “How have we responded to these incidents?”. To combat this, teams should provide ongoing communication and security awareness campaigns about reoccurring and emerging threats.
Theo Zafirakos is chief information security officer and professional services lead at Fortra’s Terranova Security

Recommendations for further security

Other tips for security-aware companies include setting network access rules to limit the use of personal devices and the sharing of information outside corporate networks. This reduces the amount of information that cybercriminals have access to if they compromise a device. Firms can also carry out frequent infrastructure updates so that applications, operating and internal systems, and networking tools are protected with the most up-to-date patches and antimalware software.