Dealing with a reported possible breach of an employee’s account requires specific action to be performed by the employee and IT department. The breach can often create many problems because it has the potential of exposing confidential data that likely needs to be protected at all times.
The first determination to be made is exactly what happened. By understanding how the account was compromised, the Help Desk can quickly get to work on rectifying the problem. Many times, an account was compromised through a cyber attack, where hackers gain unauthorized access into the account and steal the data. It is imperative to understand if the possibility exists that the hacker obtained the information through social engineering (trickery), brute force (using guessing or computer software programs), or a vulnerability in the company infrastructure.
What Accounts Are Affected?
If the company has strict password guidelines and protocols firmly in place and fully enforced, then more than likely only one account has been affected. If the employee used the identical password on multiple accounts, it is highly likely that the other accounts will be compromised, if that has not already happened. While it is important to immediately change all the affected account passwords there are other steps that must be initiated to minimize the damage from this breach, and prevent any future breach.
Taking the Appropriate Steps
There are specific and appropriate steps that must be taken to ensure the damage to the affected accounts is minimized. The steps include:
Step #1. Change All Passwords
An immediate change should be made on all passwords held by that specific user on every account they maintain. Limiting access to the company server will minimize any damage from this moment forward.
Step #2. Scan for Malware
It is imperative to instantly perform a virus scan to seek out any malicious malware or embedded viruses that may have been opened on the company server. This includes a full scan on both online and off-line hard drives, along with portable devices including USB sticks and external hard drives.
Step #3. Review Password Policies
Once the damage has been identified, minimized and controlled, it is important to review all password policies and protocol. An effective policy should be implemented that ensures that all generated passwords include both lowercase and uppercase characters along with letters, numbers, symbols and special characters. Password lengths should be pre-determined to be no less than nine characters long. The policy should also include an automatic change every 90 days, with the inability to reuse historical passwords again. The system should also be set to prevent the use of personal names, or other identifying data, sequential numbers or easy-to-guess words or phrases.
Step #4. Retrain Employees on Social Engineering
Anytime a potential breach exists, it is important to retrain all employees on the damaging effects of social engineering. Every member of the workforce should be instructed on how to handle all types of social engineering including effective emails. Writing, speaking or posting passwords openly should be strictly prohibited, along with storing them in text files on the Internet, or the company intranet.
The IT department should also train every employee on brute force attacks from hackers and cyber-thieves. The training should include how hackers work to steal confidential company data through unauthorized access into the organization’s servers.
Step #5. Incorporate Two-Factor Authentication
A simple way to develop a higher level of protection to avoid the potential for security breaches is to incorporate two-factor authentication. The additional layer of security can be provided through biometric means (a fingerprint or iris scan), USB tokens, token-less software authentication, smart cards, audio port tokens, magnetic stripe cards, virtual tokens and others.
A second layer of authentication works over and above the standard username/password combination. Two-factor authentication is based on two or more specific factors that include knowledge, possession and/or inference. Knowledge is based on something the user automatically knows (their username and password), something they possess (a token, or answer to a specific secret question), and something they are (a fingerprint scan).
There are specific basic actions that the IT department and Help Desk can perform to ensure potential security breaches are minimized in the organization. Higher levels of security can be created by building a system that will require the user to use a two-factor authentication system every time sensitive resources are accessed. The company protocols on passwords should also include the necessity to use a different password for each specific account, especially those at the administration level.
By incorporating two-factor authentication methods into the authorized user protocol, the IT department can ensure that the company data remains secure and confidential. It is up to the management of the IT department to develop and enforce strong procedures. This will ensure that every employee understands the same guidelines when creating and maintaining the safeguards at protecting company information.
Remember: just as loose lips will sink ships: poor policies, collapse companies.
If you want to learn more about how devastating cyber-crime can be, download our free 10-page eBook on Cyber-crime and Small Business.