
The Weakest Link In Your Business

Businesses of all sizes, but especially small- and medium-sized ones, are at risk of a particularly sneaky Cyber Security threat. This peril – the weakest link – is unique because it is hidden in plain sight and springs from an unlikely source: Family.

The fact that the hazard is often unintentional does not reduce the risk – indeed, the very nature of family (including trusted employees, friends and relatives, as well as siblings, children, parents and other bloodline relations) tends to increase the odds of a successful cyber incident.

Why? Because a business owner or other individual with access to sensitive data is more likely to share passwords, devices and other “keys to the business” with a member of their (extended) family in the belief there is less chance of misuse by a trusted individual. But that is a mistake — even if the business has robust Cyber Security services in place — because a family member does not have to be malicious in order to do harm.

Remember that once you hand over a password to another person, you simply do not know how they will handle it. One danger is that they may jot down the password, or share it with someone else who may then share the password with another individual, all the way down the line until it reaches an ill-intentioned person. Or the trusted individual you originally handed it to may write it down on a piece of paper that is left in an unsecured location — leaving it visible to unauthorized parties. Regardless of the specific circumstances, your password’s next stop is likely to be the Dark Web or some other menacing location.

Shared devices are another common threat vector. How many times does a small-business owner bring his or her laptop home, and a spouse or child asks for access so they can do homework, create a shopping list or engage in some other innocent task? The problem is that the owner has no way of knowing what happens next. That assignment your son or daughter is working on will likely require them to log onto their school’s network — and just how secure is it? Or, as children, adolescents and even young (and older) adults are prone to do, they may log onto a gaming or other site — or even check and open their email — potentially enabling a program to covertly download malicious software onto your device.

Once a device leaves your hand, you are no longer its custodian and typically have no way of knowing how the device is being used, until it is too late. The danger may be compounded by the use of certain browsers, which, depending on their settings, may display a list of stored passwords, including those of bank accounts and of other sensitive data.

Finding a Solution for the Weakest Link

Fortunately, the solution is simple — although it may not be painless: restrict access to passwords and devices on a “need to know or use” basis. Do not circulate passwords unnecessarily; make sure you change them on a regular basis, and do not use the same password for multiple accounts. To further safeguard a password, consider using a password manager, a software application that is designed to store and manage online credentials. A password manager also creates passwords, and usually stores them in an encrypted database that is locked behind a master password.

Along with that, consider utilizing MFA, or multifactor authentication. This adds a layer of protection by adding a step to the sign-in process before email and other accounts or apps can be accessed. When MFA is enabled, a user trying to access his or her own account, or a hacker trying to hijack one, will first be prompted to provide an additional identity verification, such as scanning a fingerprint or entering a code received by a phone or other device registered to the legitimate user.

Perhaps the toughest part about all this is informing your family member or other person that they no longer have access to your device, or that you will no longer share your password with them. Some people have a difficult time understanding the importance of security protocols, and how dangerous it can be to bypass them. But the effort is worth it. If a hacker gets access to your personal or business accounts — and often, entry to one results in entry to the other — the hacker will be like a kid in a candy shop, grabbing all the goodies they can.

Carl Mazzanti
