By Natalie Bluhm Posted February 9, 2019
Many executives and business owners haven’t really spent much time thinking about identity security within their organizations. It makes sense because they have so many other, more pressing matters to think about, like growing their business. But, the truth is that business owners and executives do need to care about protecting their organization from online threats, and that starts with identity security. In this article, we’ll talk about why identity security matters and what organizations can do about it.
Why Does Identity Security Matter?
Quite simply, a user’s identity—e.g. their username and password—is the fastest way for an attacker to compromise an organization. We, of course, know this from our private online lives where PayPal compromises have cost users astounding sums of money and hacked Facebook accounts have caused tremendous havoc in our world. It’s easy to think, “Oh, that will never happen to me.” But, keep in mind that last year alone over 446 million records were exposed. That’s enough for the entire U.S. population to have been affected by a data breach in some way or another.
For SMBs and other organizations, though, why should a compromised identity matter? We only need to look to high profile breaches such as Sony, Target, and Uber to learn that identities are critical. But, are smaller organizations at risk too? Yes, and arguably more so. In fact, about 58% of cyber breach victims have been SMBs. Do small businesses really have anything of value to a hacker? Yes. Almost every organization has something of value. If there truly isn’t, then, their business connections can easily become a conduit for a hacker. The Target Breach is a great example of how one organization can be leveraged to gain access into another organization’s network. Simply put, in this deeply interconnected online world that we live in, no organization is an island or without value to a hacker.
Don’t Forget About the Deadly Consequences
Regardless of the value to the attackers, the consequences of a security breach can be catastrophic to an organization. To start, there are the costs of clean-up, which can be significant. Then, if the organization is subject to any compliance regulations, such GDPR, PCI, HIPAA, or others, there can be expensive fines. And, maybe the most important consequence is the reputational damage with customers, employees, shareholders, and partners. No organizations should allow themselves to go through this experience. It truly can be devastating and debilitating with one report finding that 60% of SMBs fail after suffering a data breach. So, what can you do to secure identities in your small business, or any business for that matter?
How to Strengthen Identity Security
First, everyone in your organization should be using strong, complex passwords, and they should never reuse passwords. Consider using a password manager, a modern identity management solution, or a combination of these options to enforce best password practices.
Next, implement multi-factor authentication (MFA) wherever possible. MFA is a very effective measure in protecting your IT resources because a password and a second factor of authentication will be required in order to access resources. Note that it is more secure to leverage an app on your phone that generates Time-based One-time Passwords (TOTP), like Google Authenticator, than it is to use an SMS delivery method.
Another helpful step is to conduct regular security awareness training with your employees. Training them on what to look out for and how to be mindful about security can go a long way in protecting your digital assets. After all, your employees are your main line of defense in protecting identities, but they can also be the easiest for an attacker to trick. Consider reading this guide on employee education essentials for help on what to cover in security awareness training.
Lastly, implement an identity and access management solution. An effective platform will provide users with one set of credentials that they can use to access virtually all of their IT resources. End users only have to keep track of one username and password, and IT admins can centrally manage all of their user identities from one solution. When an IAM solution also has identity security features built in, IT admins can centrally enforce some of the best practices mentioned above like strong passwords and MFA. If you’re in need of an IAM platform, or what you have isn’t doing a good enough job, consider looking into JumpCloud® Directory-as-a-Service®.
Protecting Identities with JumpCloud
JumpCloud is a cloud identity management solution that supports virtually all IT resources regardless of protocol, platform, provider, and location. Consequently, IT admins can provide their end users with one username and password to access everything they need to Make Work Happen™. Additionally, JumpCloud is packed with features that can help secure not only identities but also systems, applications, file storage, and networks. This provides businesses of any size with the means to fortify their IT environment from the inside out.
To learn more about why identity security matters, consider reading this whitepaper on why it’s time to take identity security seriously. If you’d like to see how JumpCloud Directory-as-a-Service can strengthen security across your IT environment, sign up for a free account. Your first ten users are free forever, and you’ll have full access to all of our features, including password complexity management, MFA, system policies, and so much more. If you have any questions along the way, drop us a note, browse our Knowledge Base, or check out our YouTube Channel.