Logins allow users access to a wide array of secure areas and accounts. In their simplest form, most logins involve a username and password. When these credentials are added to the necessary fields on a sign-in page, they grant the user entry into the digital storage or email account that sits beyond.
If an unauthorised individual manages to obtain these credentials, they effectively have all the capabilities that the user has. In terms of private data, they can view it, steal it, copy it, delete it, encrypt it, infect it, download it or alter it, compromising the data’s security, privacy and integrity.
If they manage to enter an email account, they can commit all these actions with stored messages but also access settings and the options offered by the account. Consequently, they can send emails out pretending to be the user or even change the login details, barring access to all but themselves.
Logins that carry high privilege can cause the most harm. If they belong to an administrator or executive, they can allow malicious actors to commit a wide range of damaging activities, such as downloading malicious software like ransomware and computer viruses on to enterprise networks, or transferring company funds to their account.
To avoid these unfortunate scenarios, in this blog, we’ll run down the essential steps that enterprise professionals can take to keep their logins secure.
Choose a strong password
To keep cyber-criminals out of your accounts, login credentials must be robust. An eight-to-12-character password is a suitable length, but it should not be easy to guess. A password should never include personal information that could help attackers work it out. For example, dates of birth, hobbies and names of friends and family members must always be avoided.
The latest recommendation from the National Cyber Security Centre (NCSC) states that passwords should be constructed by combining three separate and unrelated words. This rule makes passwords difficult to decipher but easier for users to remember.
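The two rules above can be enforced in software. The following is an added example, not code from Galaxkey or the NCSC: it builds a three-random-word password with a cryptographic random source and rejects candidates that are too short or contain the user's personal details. The word list, the profile fields and the look-alike character map are constructed assumptions.

```python
import re
import secrets

# Constructed sample list (assumption): a real deployment would load a
# dictionary of several thousand words so the result is hard to guess.
WORDS = ["harbour", "violin", "cactus", "thunder", "pillow", "orbit",
         "maple", "lantern", "glacier", "pepper", "saddle", "quartz"]
MIN_LENGTH = 8  # lower bound of the eight-to-12-character guidance
# Common look-alike substitutions, undone before matching (assumed mapping).
LEET = str.maketrans("013457@$", "oieastas")


def three_random_words(words=WORDS, sep="-"):
    """Join three distinct words chosen with a CSPRNG."""
    pool = list(dict.fromkeys(words))  # drop duplicates, keep order
    if len(pool) < 3:
        raise ValueError("need at least three distinct words")
    chosen = []
    while len(chosen) < 3:
        word = secrets.choice(pool)
        if word not in chosen:
            chosen.append(word)
    return sep.join(chosen)


def personal_tokens(profile):
    """Split profile values (names, dates, hobbies) into fragments to reject."""
    tokens = set()
    for value in profile.values():
        text = str(value).lower()
        tokens.update(p for p in re.split(r"[^0-9a-z]+", text) if len(p) >= 3)
        digits = re.sub(r"\D", "", text)
        if len(digits) >= 4:
            tokens.add(digits)  # e.g. 1985-04-12 -> 19850412
    return tokens


def check_password(password, profile):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    lowered = password.lower()
    candidates = (lowered, lowered.translate(LEET))
    for token in sorted(personal_tokens(profile)):
        if any(token in c for c in candidates):
            problems.append(f"contains personal detail: {token}")
    return problems
```

The look-alike map means a password such as "Al1ce1985!" is rejected for containing both the user's name and birth year, even though the name is disguised.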
Overused credentials can become known to others or be disclosed in online data breaches. To ensure login details remain secure, they should be updated periodically. Altering passwords monthly is an approach adopted by many companies, but the pattern of password revisions should be randomised so that threat actors remain unaware of how and when credentials are changed.
Enterprise admins should issue passwords to staff instead of allowing them to select their own credentials and, if an employee leaves the company, the access allowed by their credentials should be immediately revoked.
Don’t save or store login information
Passwords and usernames should never be stored in operating systems, applications or web browsers, where they can be collected by threat actors. Tick boxes to remember passwords should be disabled wherever possible.
Never use the same credentials on multiple sites
Users should never use the same passwords for multiple accounts and systems, or risk hackers gaining access to a wide range of systems and platforms simultaneously.
Enter login credentials privately
Credentials should be entered discreetly and never be visible to passers-by when logins are attempted in public places or in a remote setting shared by others.
Never share credentials with others
User credentials should never be shared with another individual or posted online via social media, employment profiles or company websites.
Use multi-factor authentication (MFA)
MFA should be activated for all logins so that accounts and systems have an extra protection layer. Codes can then be sent to personal devices to allow entry. Devices should require biometric scans or PINs to access them.
Deploy anti-malware and anti-virus
Protective security software can keep computers free of an extensive range of harmful software like keyloggers and spyware that are designed to steal usernames and passwords. Ensure your protective applications are always up to date so that they can defend against the latest threats.
Be wary of phishing scams
Phishing messages sent via email, voice calls and texts are used to trick users into parting with their private credentials. Never click on any link in a suspicious message that directs you to a login page, as these links lead to fake sign-in pages designed to harvest login details. Instead, visit sites by typing the address into your browser.
Stay secure with Galaxkey
The Galaxkey secure workspace has been designed to keep company personnel safe while working, whether they are operating from the office, at home or on the move. Our flexible solution is exceptionally user-friendly, ensuring it is always used effectively, and no passwords are ever stored on our system. We also offer powerful tools to enhance your cybersecurity, including cutting-edge digital document signing, data encryption and a suite of secure email solutions.
To protect your people and keep attackers out of your accounts, contact us today and arrange your free two-week trial.