Make sure no personal addresses are used as a Recovery Option
A recovery method is essential in case of forgetting passwords and somehow not having access to a stored password or in the case of a Cyber Attack.
This can cause the password to be changed. In the case of the linked story above the employee had his personal email as the recovery address, for a while Google said no to reset it due to their policy.
Make sure the recovery address is linked to the organisation, even if it is a throwaway email address not associated with the domain (recommended),
you should ensure the policy does not allow the use of personal Email addresses.
Unique Passwords for every site
This sounds obvious but the number of people even in the tech world that uses a variation of the same password.
We went to help someone recently that had 1234 and changeme in their password, clearly left as a placeholder to encourage the user to change it but this was their only password on multiple machines.
Regardless of how complex your password may be it needs to be unique.
The reason is simple if a site was breached and passwords leaked if you used one complex password that password would then be out in the open for all to try.
Consider Password Managers
Consider a Password Manager to make sure you can keep track of the many different passwords you will end up with,
most Password Managers also have the functionality to generate a password and this is useful when creating unique passwords.
Make sure the CEO/CFO have access to Passwords
You don’t want any IT company to hold all the keys to your kingdom,
best practices are to have the main password locked away in a safe so if an employee leaves, is fired, or if an IT company goes out of business then you won’t be locked out of your crucial systems.
For example, when we encrypt systems we set a unique key, this is stored in a secure place that our clients can access as without this key recovery is impossible.
Security awareness training
Keeping staff clued up on what to do can make the difference between your company making the right steps towards a secure environment, and staff accidentally opening up the doors to a breach.
With GDPR if such a breach occurs you have to report it to your customers and the Information Commissioners Office (ICO), along with the potential fines it is not worth it.
Quite a few companies offer Security Awareness Training including CHTSI, look at booking a sessionwith whoever you choose to use. The difference it will make to your staff will pay dividends to protect your business.
If you would like to learn more or are in need of support. Or would like to discuss working together, book an appointment or call 01423 423068
Interested and want to help smooth the process? Install our Onboarding tool. You can also try to reach us via our HubSpot Live Chat.
Schedule An Appointment
We would love to hear from you regarding any Outlook or Microsoft 365 Support, IT Support, Cyber Security, WordPress Website Design, or any Computer Support request you may have. Get the best out of Harrogate & Yorkshire IT Support.
Please note if you are a client and need to request IT Technical Support, please use ourClient Portal
Need a quick chat or request? Try our HubSpot Chat from this page. Alternatively, use our WhatsApp Chat
Book with us
REMOTE APPOINTMENTS NEED TO BE PAID FOR BEFORE WORK IS CARRIED OUT
Book A 15 Minute Video Call
20+ Years IT Experience
Business Phone Systems (VOIP)
Cyber Security Specialist
Experts in Outlook Support & Migrations
IT Support in Harrogate
Social Media Management
Website Hosting & SEO Management
“Extremely helpful and proficient technical support. Provided one-off troubleshooting when I required support to recover Outlook. Carl was knowledgeable, polite, and patient in resolving my issue Highly recommended.” – Pras Legal Corp.