FINAL WORD
Ian Pitt, LogMeIn’s CIO

being attacked, but productivity is improved, money is saved and the chances of insider attacks are reduced.

Implement a security policy

However, a business that relies exclusively on technology to mitigate threats will be doomed to failure as the best technological defences can easily be unwound by a social engineering attack. For example, the recent GDPR events provide a wealth of opportunities to harvest personal identities by a cybercrime gang presenting themselves as the upholders of the law and offering ‘let us protect your privacy, just send us your information’ to individuals. So, it’s important that a core feature of any security policy is training employees to be both the first and last lines of defence.

Password management should be one of the top priorities in any policy, given that a recent study found that 59% of people surveyed continue to use the same password across accounts, even though 91% know it’s a security risk.

This should include education on safe password practices, including how to create a strong password and the importance of using unique passwords across accounts both at work and at home.

At minimum, a password should be 16 characters long and unique with a mix of character types, moving towards complex phrases rather than simple letter substitutions. Creating a long and complex password will ensure that a brute-force attack is unrealistic and if the password is unique it ensures all your other accounts are protected if said password is leaked in a breach.

The policy should also ensure that multi-factor authentication is introduced across all work accounts. This could be anything from a one-time code, biometrics such as fingerprint and iris, or behavioural analytics. By adding another layer of protection, even if a password or email does get stolen in a breach, the attacker will still need another piece of information before they gain access to sensitive information.

There’s no magic eight ball to predict what’s going to come next in the world of cybersecurity and there’s no guarantee that something that protected a business one year ago will keep it safe today. But if the alarming rise of cyberattacks has not yet resulted in meaningful security behaviour shifts, businesses need to take the burden of responsibility off their employees and work to make security both easy and convenient.

Adopting a policy that shows an awareness and understanding of human behaviour as well as incorporating technology that fits the unique needs of the business is key. Through this and regular education, companies will be able to put up the best defences against both internal and external attacks.
INTELLIGENTCIO