Protect your employees
To protect data and users, it is important that any access to systems requires a password or another form of authentication.
The password must be complex enough to be difficult to guess. If a system is not password-protected, or its password is easy to guess, both malware and attackers gain access to it far more easily. The result may be data leakage, or the destruction or modification of important data.
Recommended actions
Authentication is the process by which the system verifies that the person accessing the system is who they say they are. Usually, a password or certificate is used for authentication.
To keep your office network secure, you need to set rules for password complexity and length. Change a password immediately if there is any suspicion that it has leaked or if an incident takes place. All accounts, including work, personal, and social media accounts, should use different passwords. A good password is strong (at least 15 characters, including special symbols) and unique. Instead of a typical password, it is recommended to use a passphrase. The phrase may consist of four or five words that form a sentence (for example: 1Horse.Is.By.The.Wat3r). It is longer, but easier for users to remember than a password made up of random characters. The passphrase should use uppercase and lowercase letters and a symbol (full stop, comma, exclamation mark, etc.) between the words. It should be easy to remember, but not easy to guess.
If the system configuration allows it, these restrictions should be enforced automatically, because users tend to choose the path of least resistance. If automatic enforcement is not possible, regular password changes must be done manually and users must be reminded of them constantly. Smaller companies usually do not have a separate password policy, but passwords must still be created in accordance with good security practice.
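The rules above (minimum length of 15, uppercase and lowercase letters, a special symbol, a passphrase built from several words with a symbol between them, nothing that is easy to guess) can be turned into a check that a registration form or helpdesk script runs before accepting a new password. The following is an added example written for this page, not code from the original text or from any product it names; the small common-password list is constructed for illustration and stands in for a real breached-password list.

```python
import re
from typing import List

# Constructed denylist standing in for a real list of known-breached or common
# passwords; a production check would consult a much larger list.
COMMON_PASSWORDS = {"password", "password123", "qwerty123456789", "welcome1"}

MIN_LENGTH = 15  # the page's recommendation: at least 15 characters


def check_password(candidate: str) -> List[str]:
    """Return the policy rules the candidate violates; an empty list means it passes."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", candidate):
        failures.append("no uppercase letter")
    if not re.search(r"[a-z]", candidate):
        failures.append("no lowercase letter")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        failures.append("no special symbol")
    if candidate.lower() in COMMON_PASSWORDS:
        failures.append("appears on the common-password list")
    return failures


def is_passphrase(candidate: str, min_words: int = 4) -> bool:
    """True when the candidate looks like a passphrase: at least min_words words
    (runs of letters and digits) separated by symbols such as . , ! or spaces."""
    words = [w for w in re.split(r"[^A-Za-z0-9]+", candidate) if w]
    return len(words) >= min_words


if __name__ == "__main__":
    for sample in ("1Horse.Is.By.The.Wat3r", "password123"):
        problems = check_password(sample)
        verdict = "accepted" if not problems else "rejected: " + ", ".join(problems)
        print(f"{sample!r}: {verdict}; passphrase={is_passphrase(sample)}")
```

Rejections are returned as a list rather than a single boolean so the user can be told every rule they missed at once, which is what keeps people from simply appending one more character until the form accepts the password.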
Ask an IT specialist
Ask the IT department or service provider if the current password policy is in line with good practice. If necessary, a password policy must be created and implemented.
With the growing popularity of cloud services, companies have more and more services that are publicly reachable from anywhere in the world, and a service that is open to the public is easier to attack. If a commercial service (such as Office 365, Gmail, Dropbox, etc.) supports it, multi-factor authentication should be enabled. This means that, in addition to the password, another authentication method is required, such as entering a code, confirming on a phone, or using an ID card, a cryptographic token, or a hardware solution like a YubiKey.
With multi-factor authentication in place, a leaked password alone is not enough for an attacker to access the system, because the other authentication component is still missing.
As most systems require passwords, employees may end up with many usernames and passwords. In that situation users tend to write them down on paper, reuse the same password in several places, or choose passwords that are too simple. One way to help users is password management software, which lets them store and manage their passwords securely. Various products exist for this purpose, some of them free.
If there are many devices, it is worthwhile to deploy a central user management solution. In Microsoft Windows, the Active Directory (AD) domain serves this purpose. The AD domain is a service that enables integrated authentication in a Windows environment, so users log in with the same username and password on every device in the domain. For example: before the domain was introduced, users had separate passwords for their computer, email service, and shared folder; with the domain, one password gives access to all of them. The AD domain requires a Windows server. There are similar solutions that do not require a server, such as Azure AD, which in turn requires Office 365 software licences. Business software can often be linked to the AD domain or Azure AD as well. Centralised user management also makes it easier to revoke access when a user leaves, because it can be done from a single location.