k_Street Consulting, LLC Blog
Cybersecurity Month is Over, Time to Get Sloppy!
Are you tired of hearing about the importance of secure passwords, two-factor authentication, and security updates?
We get it. All of these techno-nerds (ourselves included) have spent all of October and even the weeks leading up to it talking about the importance of cybersecurity, preaching the importance of things that, let’s face it, just get in the way of you getting work done. Thank goodness Cybersecurity Month is long over, and now we can all get back to being absolutely reckless with our data, right?
Obviously, We Don’t Really Mean That. Cybersecurity is Important All Year Round
We do get the sentiment though. You can only hear about the importance of strong, secure passwords so many times before you just want to drown it out. It feels preachy, and in all honesty, it can make it more difficult to get work done.
That’s because, as a concept, security is supposed to make things more challenging. It adds steps to get access to sensitive information, and these steps are supposed to make it nearly insurmountable for the bad guys. At the very least, that means a minor inconvenience for the good guys.
If you are burnt out by all of the cybersecurity stuff from the last couple of months, this article is for you. We know you don’t really think it isn’t important, but we understand that when you weigh the effort against what you feel you are gaining, it can feel like you can get a little lax when it comes to security.
So how do we make it easier, so it doesn’t interrupt you while you are working and trying to manage your business?
Here are a couple of ways.
Password Managers Take a Lot of the Brainpower Out of Being Secure
I promise, we won’t say it again in this article after this, but you definitely DO need to have unique passwords for every account, and you absolutely need to use secure, complex passwords. We can safely assume that your brain isn’t a computer, and you probably don’t have hyperthymesia, so unless you are Rain Man or Data from Star Trek, you probably can’t memorize dozens of long, complex passwords.
So don’t.
Password managers can handle this for you, and they can even generate secure passwords and often tell you when a password is at risk. They are designed to be easy and flexible, and some of them can even securely handle two-factor authentication for you as an added perk.
Most password managers sit within your browser (although there are often mobile apps too) and will be available when you need to log into an account. When you are creating a new account and need to generate a password, your password manager will generate a random string of characters and save the record. You’ll never need to know your passwords, provided you keep track of the password for your password manager.
Need to share one of your complex, random passwords with someone else?
If your entire company is using a corporate password manager, then every single user will have access to the password manager, and you can easily share passwords with other people who need them. Want to give your marketing person access to your Twitter account? Go into the password manager and share the entry with them. You can also revoke it from them when you want to, change the password, and have it updated in the password manager.
Strong passwords then come down to a small shift in habits, and that shift genuinely makes life easier once you get used to using the password manager. There are plenty of options out there, and we help businesses by setting up password managers across the entire company, so definitely reach out to us for some advice on that.
Follow Strict Need-to-Know Practices
Treat your network like it’s right out of James Bond or Mission Impossible. This doesn’t really require much work on your end, at least not on a regular basis. It’s more about planning things out.
When we work with a client who needs to meet certain security compliance standards, one of the tasks is often to sit down and figure out who in the organization should have access to certain types of data. As it turns out, the intern doesn’t need access to HR documents. Marketing doesn’t need access to financial information. You get the idea.
By setting up very clear access controls, you eliminate a lot of potential issues that come from giving any particular person too much access. If an account becomes compromised or infected with ransomware, or if a user wants to do harm to the company, full access to everything leaves you open to more risk, while restricted policies for everyone keep problems smaller.
Just Be a Little Suspicious
It takes no time at all to just be a little wary of the messages, emails, and notifications you get. Don’t assume that everything is legitimate and requires immediate action, and you’ll likely save yourself a huge hassle eventually.
Here’s what we mean.
Often, a scam artist will try to get you to do something by manufacturing urgency. “Hurry, your account was compromised! Click here to fix it now!” or “Alert! Your bank account has been suspended, log in here to see more!”
That doesn’t mean you should ignore an important message like that, but there’s usually a better chance that it is a scam these days. Instead of immediately tapping or clicking on the link that comes with the warning, take a deep breath and log into the account the same way you normally would, such as by going to the homepage of the website or clicking on a bookmark.
This way, you circumvent the potentially dangerous link in your email or text messages and can still attempt to solve the problem. It’s a small, simple habit, but if you can stick with it, you’ll avoid 90% of phishing attacks and other types of online scams.
Don’t Get Burnt Out By Cybersecurity
We know it can be exhausting, but it doesn’t have to be. We help businesses secure themselves and meet extremely strict levels of compliance every day, and we can help your organization do the same without completely disrupting your bottom line.
Want to learn more, and chat about how we can protect your business? Give us a call at (202) 640-2737.