While we were already hurtling toward a more digital future, the pandemic gave the world yet another push toward digitization. From QR code restaurant menus and digital vaccine cards to telehealth appointments, even more of our lives now revolve around computers and smartphones. While we do still have physical markers of our identities – such as passports and social security cards – banking apps, electronic medical records and more also digitally store our personal information.
This year marks the second annual Identity Management Day. Hosted by the Identity Defined Security Alliance and National Cybersecurity Alliance, this day serves as a reminder of the dangers of casually or improperly managing and securing digital identities. While most consumers know better than using “password123” to secure all of their online accounts, security gets more complicated for businesses that have to manage hundreds or thousands of employees.
Nearly 90% of cyberattacks that Kaspersky’s Global Emergency Response Team responded to in 2020 were due to brute force attacks, vulnerability exploitation or employees falling for malicious e-mails. The research suggests that the transition to working from home and connecting back into the enterprise led brute force attacks targeting Remote Desktop Protocol to nearly triple in the span of a year. While businesses have their own cybersecurity software and mechanisms in place to prevent hacks and breaches, employee errors are tough to get a handle on.
To support Identity Management Day’s mission to educate business leaders, IT decision makers and the public on the importance of identity management, we wanted to share some tips that employers can leverage to ensure their employees are properly managing their digital identities.
- Create an information security guide. Developing and sharing a basic information security guide for employees to read during onboarding can help minimize cyber incidents by establishing concrete steps and guidelines to follow.
- Leverage a password manager. Having a new password for each account is crucial for maintaining security, but it can be difficult to remember a million different passwords each with different characters, numbers and letters. A tool like Kaspersky Password Manager can help store all of your account passwords while also developing new and unique secure passwords for your accounts.
- Double-check e-mail addresses and links. Cybercriminals love targeting employees through their work e-mails where guards are down and it’s assumed the e-mail is coming from a trusted coworker. Make sure that the e-mail address is correct and if not, avoid clicking on any of the included links or attachments, since employees are a popular target for phishing scams.
- Enable two-factor authentication. Unfortunately, having a secure and unique password sometimes isn’t enough. Two-factor authentication can help prevent an attacker gaining access to the account or system even if there’s a password leak.
- Establish emergency contacts. Creating a list of contacts for employees to reach out to in case of a suspicious e-mail, a ransomware note or any other questionable issues can help alleviate any employee headaches or confusion. Emergency contacts can be a security officer, a system administrator or even the business owner.
Seventy-nine percent of organizations have experienced an identity-related security breach in the past two years. Don’t let your business become another statistic and make sure your employees are keeping your and their data secure.