2nd of 3 Cybersecurity Articles
In the last article, we examined three cybersecurity tips to defend against credential theft. We began our article by defining credential theft and how your credentials can be compromised. In this article, we’ll explain how cybercriminals use stolen credentials and how employees can prevent credential theft. In this post, we’ll describe four additional tips to assist with your cybersecurity readiness plan. Next time we’ll explain why cybersecurity awareness training should be part of your defense strategy against credential theft.
How do cybercriminals use stolen credentials?
Once compromised, stolen credentials have a variety of uses, and they enable attackers to infiltrate organizations and steal sensitive information. It only takes a single stolen credential to gain access to an organization’s infrastructure and cause devastation. Stolen credentials are a valuable commodity because they can be used in several different ways:
- Send spam from compromised email accounts.
- Deface web properties and host malicious content.
- Install malware on compromised systems.
- Compromise other accounts using the same credentials.
- Exfiltrate sensitive data (data breach).
- Identity theft.
How can employees prevent credential theft?
Given the thriving marketplace for stolen credentials, your employee credentials are at risk. Unfortunately, usernames and passwords – the most common digital credentials used today – are all that stands between your employees and vital online services, including corporate networks, social media sites, e-commerce sites, and others. To minimize the threats, we can help our employees to become more aware and vigilant, and we can help them understand the impact of stolen credentials. Here are some tips that can empower employees to prevent credential theft:
- Help employees be on the lookout for suspicious links that can lead to ransomware.
- Ensure users only open attachments from trusted sources—no matter how official the attachment looks.
- Encourage safe password practices, like using a password manager and not writing them on sticky notes.
- Make team members aware of the dangers of logging in from unsecured Wi-Fi networks and how to use them safely.
- Work with a responsive partner that’s on top of today’s challenges.
Cybersecurity Tip – Established Strict and Secure IT Policies and Procedures
Policies and procedures regulate business operations and are essential for defining the standards and expectations of employee behavior and actions in the workplace. While establishing strict, security focused protocols is essential, a system of validation and enforcement is equally important. After all, rules without consequences are merely suggestions.
Cybersecurity Tip – Maintain regulatory compliance
Maintaining regulatory compliance is mandatory for many organizations. While navigating and satisfying the obligations can be complicated and stressful, achieving compliance is a critical component of having a cyber ready business. Security and privacy are integral elements of compliance.
Cybersecurity Tip – Take advantage of all security protections possible
Security is asymmetrical. Where businesses must plan, prepare and defend against every threat or scenario, cybercriminals only need to find a single weakness or hole in your defenses to carry out their malicious plans. Protect your data and your business by deploying multiple security strategies together as one.
Cybersecurity Tip – Deploy on-demand insight into suspicious activity
Knowledge is power. A critical component of cyber readiness is having on-demand insight of anomalous activities, suspicious changes, potentially harmful misconfigurations or any other malicious activities occurring internally on your network. Promptly detect and remove threats before they cause damage.
If you have any questions about how to increase your organization’s defenses against cybersecurity threats; we’re here to help and educate.
Vivitec specializes in Cybersecurity and Managed IT Services and was recently ranked by our peers as a Top 100 Cybersecurity Advisor and Top 500 MSP Company in North America. We know your business relies on technology and Vivitec believes your experience should be Simple, Secure, and Reliable.