As James Bond has shown, even a sophisticated MI6 operative with a nearly limitless budget and an array of hi-tech gadgets has to take into account existing security measures when formulating a plan to infiltrate a building or system. And while online criminal organizations don’t have Bond’s resources, they are sophisticated and well funded, which means you have to continually up your efforts to reduce the threat surface of your business.
As you begin planning for 2016, here are 007 tips for bringing your business closer to an MI6 level of security, without a nation-state budget:
1. Auto expiring credentials for new recruits: While we hope your corporate hiring process isn’t as intense as that of a secret agent, at the end of the day not everyone who signs up ends up making the final cut. To minimize your risk of rogue access, implement a policy that requires system admins to always create expiring credentials for new hires. It’s best practice to implement this for any temporary hires, but if your company offers an employment grace period, consider applying the expiration for the end of that time period, just in case. It’s always easier to re-implement than revoke once things have gone awry.
2. Two-factor authentication (2FA) to deter shadow ops: Having multiple forms of identification is an accepted standard for accessing highly secure systems, but it’s not something that’s strictly reserved for government agencies. If your employees’ credentials do get phished or stolen, having 2FA on your Internet-facing applications will keep them from being used. What most people don’t realize is that government-level, or similar, high-level 2FA systems are available to protect most information today and they are far less complicated or expensive to implement and use than one may think.
Read the Full Article: Source – CSO Online
Browsing Privacy: (CSO Online) – 007 Tips for keeping your business as secure as MI6