Secure your user accounts

There are many threats facing your and your business, from Phishing emails to Ransomware. It can feel daunting to try and keep up with the range of best practices and security tools out there.

Many breaches involve some form of account compromise, whether it's the initial foothold or getting hold of credentials for an admin user once they're inside, having access to a legitimate account is a huge stepping stone for an attacker.

One way that you can make a real difference without breaking the bank is by making sure your user accounts are well locked down.

To make an attacker’s job more difficult, consider the suggestions below:

1. Avoid Password Reuse and Implement Multi-Factor Authentication (MFA)

One method used by attackers is credential stuffing — a technique that involves using stolen username and password combinations from one breach to access accounts on other platforms.

This was the cause of the 23andMe breach that exposed the information of nearly 7 million users.

If you or your employees reuse passwords across multiple accounts, you’re making life very easy for attackers looking for access.

What You Can Do:

- Avoid Password Reuse: Ensure that every account has a unique password. This simple step can drastically reduce the risk of multiple accounts being compromised in a single attack.

- Implement MFA: MFA adds an additional layer of security by requiring a second form of verification, such as a code sent to a mobile device or an authentication app, in addition to a password. Even if a password is compromised, MFA can prevent unauthorised access.

2. Establish a Strong Password Policy

While creating unique passwords is crucial, ensuring they are strong enough to withstand brute-force attacks and guessing attempts is also key. However, complex passwords can often be difficult to remember, leading to frustration or insecure practices like writing them down.

What You Can Do:

- Use Passphrases: Encourage the use of passphrases—combinations of random words, numbers, and symbols. Passphrases are longer and more secure than traditional passwords, yet they are easier to remember.

- Leverage Password Managers: A password manager can securely store complex passwords, reducing the burden on users to remember multiple passphrases while ensuring that they remain strong and unique.

3. Implement Single Sign-On (SSO) Where Available

Managing multiple accounts for employees can be a cumbersome task, especially as your business grows. Single Sign-On (SSO) solutions simplify account management by allowing users to access multiple applications with a single set of credentials. This not only streamlines the login process but also makes it easier to manage user access.

What You Can Do:

- Adopt SSO Solutions: Where possible, implement SSO to consolidate account management. This can make it easier to onboard new employees and, crucially, to revoke access when employees leave the company.

- Centralise Access Control: With SSO, you can centralise access control, making it easier to enforce security policies and monitor account activity across various platforms.

4. Tighten Processes for Joiners, Movers, and Leavers

A significant yet often overlooked security risk comes from within the organisation—namely, improper management of employee access rights. Without tight controls, employees may retain access to systems they no longer need, increasing the risk of insider threats or misuse of privileges if their account is compromised.

What You Can Do:

- Develop a Clear Access Policy: Implement a structured process for managing the access rights of employees as they join, move within, or leave the company. This should include regular audits to ensure that access rights are still appropriate.

- Automate Access Management: Where possible, automate the process of provisioning and de-provisioning access to ensure that employees only have the permissions they need and that these permissions are revoked as soon as they leave the organisation.

Final Thoughts

Securing your business accounts doesn’t have to be an overwhelming task. By taking these simple steps—avoiding password reuse, implementing MFA, adopting strong password policies, utilising SSO, and tightening your access management processes—you can build a robust foundation for your business’s security. Not only do these practices protect against common threats, but they also foster a security-conscious culture within your organization, empowering your employees to take an active role in safeguarding your business.

Take Action Today: Begin by reviewing your current account security practices and identifying areas for improvement. Small changes can make a big difference, and the time invested in securing your accounts now could save your business from significant headaches later.

For more tailored advice on how to enhance your business’s security posture, get in touch about our security assessment services. Together, we can ensure that your business is protected against today’s threats while staying prepared for tomorrow’s challenges.