Misconfiguration of cloud solutions is often overlooked when companies plan cybersecurity strategies. Cloud apps are typically quick and easy to sign up for, and users assume that they do not need to worry about security because it is handled by the provider. This is an incorrect assumption because cloud security is a shared model. The provider of the solution handles securing their backend infrastructure, and the user is responsible for configuring security settings in their actual account. Misconfiguration is a huge problem and is the number one cause of cloud data breaches.
Tag Archives: accounts
3 Essential Steps Before You Fire an Employee
Your employees need access to your IT resources and accounts so that they can do their job, but what happens to that access and those passwords when you fire them? Nobody likes to think of firing their employees, or why you’d need to, but nonetheless it is a responsibility of every business owner and they will face it at some point in time. While your bookkeeper or accounts team will stop their paychecks, it is important to take the same proactive stance to stop their system access.
Most of the time, former employees leave on good terms and you’ll wish them well. If you are lucky, they may even manage the hand-over to their replacement (so your productivity losses are minimal). Other employees may leave your business reluctantly and/or angrily. While you will have very different feelings about the two scenarios, the risk to your business remains high until action is taken. Here are 3 steps you can take to protect your business from an angry ex-employee:
Step 1: Limit access to a need-to-know basis
You might be surprised how often a new employee is given access to everyone’s accounts and to all the company data. Accounts, staff and customer details, strategy, marketing, etc. – all those sensitive parts of your business that have made it a success are exposed. A better policy is to limit access to only what the employee needs for their job. Rather than view it as a lack of trust, your employees will appreciate the care you’ve taken to protect your business (and their job). It also helps keep them from becoming overwhelmed, confused or tempted if the situation ever turns sour. Likewise, take a few moments to delete old or temporary accounts that are no longer required – you never know when a hacker or disgruntled employee will squeeze through those gaps.
Step 2: Quickly change passwords
On average, it will take at least a week before passwords are changed after an employee is fired – if at all! Unfortunately, this type of delay is one your business can’t afford. In 2017, an ex-employee from the American College of Education held their entire email system to ransom for $200,000 after an unhappy exit. Stories of others stealing client databases are also common – especially if they leave to start their own business or work for a competitor. It is not just full-time employees either: contract and part-time employees such as social media managers and customer support email specialists often have access to more of your business than you might imagine. Yes, you may be able to get the person involved prosecuted, but it only takes seconds to log in and wreak absolute havoc on your network. Knowing you can force those bad eggs into a lengthy court case is poor comfort considering the extent of damage you’ll likely endure. The best option is to change their access credentials fast – even before your employee knows they are fired. This lessens the chance of revenge attacks and opportunistic access.
Use a password manager
If you have a good password manager like KeePass or LastPass, reducing your risk becomes mostly automated. You will be able to keep your passwords in a central vault and only share passwords with those who need that access – plus you can section off the passwords into different sections or job roles. If an employee leaves or moves to a new internal position, you can change or revoke access.
We can help you secure your network and use a password management tool. Contact us at su*****@dp*********.au or 08 8326 4364.
How To Stay Safe While Being Social Online
How do you balance being social with staying safe online?
These days it is common for people to happily share all sorts of private information online. Unknown to the users themselves, this sharing builds information stores that can easily become a one-stop goldmine for fraudsters.
It’s not exactly the intention everyone has when they sign up to a social network site (as the whole point of most of these networks is to share your life with your friends), but this social sharing depends on us making certain privacy sacrifices.
So how do you balance being social with staying safe?
On Facebook alone, the average person shares 13 pieces of personal information, ranging from a fairly innocent name/email combo all the way to their mother’s maiden name and home address.
It doesn’t sound like a lot, but those 13 pieces have the power to unravel your life within minutes.
Even checking in at home has become the norm for some people, helping to create a multi-dimensional online identity. The details are available to anyone who cares to look, whether they’re a friend keeping in the loop or someone with a much darker agenda.
The problem is that you don’t know who’s looking at your profile or why they are looking.
For example, someone could try accessing your email account by clicking the ‘Forgot password’ link. The email service follows its security rules and asks identifying questions like ‘Which high school did you go to?’ or ‘What is your pet’s name?’ The answers to these most common identifying checks are probably available on a lot of people’s Facebook pages.
Once your email address is compromised, hackers can use it to break into other services by clicking ‘Reset Password’ on site after site, account after account, since they have full access to your email. There is nothing stopping them from compromising all your online accounts.
7 Ways To Secure Your Facebook Without Missing Out on the Fun
- Preview your profile as others see it (i.e. see if you can log in on a friend’s account to see what they can see).
- Review what should and should not be visible to strangers.
- Consider only sharing partial details, like birth day and month, but not the year.
- Only ever ‘friend’ or ‘connect’ to people you know and trust.
- Be wary of duplicate or ‘odd’ friend activity – hackers will often clone or hack a friend’s profile and initiate an urgent and uncharacteristic request (usually for money).
- Update your past privacy settings too.
- Set default future sharing to ‘friends only’.
Need help securing your social media privacy? We can help – contact us today on 08 8326 4364 or via email at su*****@dp*********.au.