Welcome to the Inside Secure-IT series of articles. Inspired by an alert from the US-CERT at the beginning of October describing the threat posed to MSP's by hackers and other ne'er-do-wells. Our response, a comprehensive series of posts that takes a look at what we do at Lighthouse IT to keep your company data secure both on and offsite, and why cybersecurity is so important.
Both user-based security and password management are important security measures to have in place. Users needing to prove they are who they say they are adds a layer that is very hard to break through. Password management allows you to keep more secure passwords and track them safety.
WHAT IS USER-BASED SECURITY?
Multi Factor Authentication (MFA) is the best form of user-based security. It works by having a user verify through two or more separate methods. These methods are broken down into three categories:
- knowledge you have
- an object in your possession
- and physical traits of your person.
Knowledge is anything that only you should know, like a password, a pin number, or security question. Objects in your possession would be either phones or smart cards. Traits are representative of your body like a face or fingerprint. The most prominent example of MFA is a debit card where the card itself is something you own, and the pin number is something you know.
Multi Factor Authentication helps protect accounts that have had their passwords compromised as the original owner would be the only person able to provide the second piece of the authentication. There is a great list that shows which sites have MFA enabled as well as documentation on how to activate it. TwoFactorAuth.org
What are Generated Passwords?
Generated Passwords are exactly as they sound, they are passwords that a computer generates based on guild lines that the program itself has or a human makes for it. Many places require some password requirements of special characters, numbers, and capitalization as well as minimum lengths. These passwords are then saved in a management software for future reference. Here is an online tool that is able to generate passwords up to 2048 characters long in case you needed one that long. You can also read our post on passwords in the workplace.
People are often predictable, and our passwords are no exception. Most of the time we prefer short easy-to-remember phases, or passwords that contain some form of personal information in them. Do not use birthdays, addresses or anything of the sort in passwords. Sometimes we have to take a step back from habit and ask ourselves how secure is our password? Computers do not have to ask this question, and they do not have habits that they fall into. They consistently create longer stronger passwords than humans, and with management software backing it up those passwords can be stored safely and updated if need be.
WHAT is Role-based permission?
Role-based permissions are where roles are created and users are assigned to the roles. These roles usually are made to give different jobs, like sales or HR, access based on what that job entails. Users are then assigned to these roles and therefore gain access to what the role has. Users are able to be assigned and removed from group at any time, making it easy to change what the user can control.
There are many benefits to using role-based permissions. First and foremost is that creating a user is much simpler and quicker. Instead of having to individually set permissions for every person in the same position, you can set up a role once and add users to that role. Another benefit is being able to bulk edit permissions. If a folder is created and only sales staff need access, you are able to give folder access to the sales role. A downside of role based permissions is that if one user needs different permissions from others then a whole new role will need to be created. The pros outweigh the cons though... User oriented rules allow for easy changes and stronger security.
THE ULTIMATE SECURE-IT CHECKLIST: STAY AHEAD OF THE SECURITY THREATS!
Protect your company's well-being. The best defense is an aggressive offence. Be active in securing your data. Passwords, networks, backups, mobile-devices, etc. are all critical places that a company cannot afford to have compromised. Follow each item and make sure you meet top security best practices.
WHAT DO WE DO?
We at Lighthouse use Multi Factor Authentication with almost all of our accounts, especially accounts containing client information. We use apps on our cell phones that generate a new code every thirty seconds, and for added protection all our phones have some form of body recognition activated. Hackers would have trouble getting into our systems with the number of layers in place.
We trust Hudu to create and store stronger passwords than what we could ever come up with ourselves. These passwords are used for any account that we create both for ourselves and our clients. The passwords that are stored within Hudu are only able to be accessed by users with access to said document, allowing further management and security.