As reported earlier this week, Verizon recently released a detailed analysis of hundreds of data breaches.
One interesting statistic was that the number of reported social engineering hacks (the polite way of saying “tricking people into giving you their password”) was down from last year. That’s misleading, though, because social tactics remain the most dangerous and pernicious type of attack on any network. An intrusion can usually be detected, but when a hacker is able to successfully exploit a user and log in with legitimate credentials, it becomes next to impossible to stop.
Nextpoint deploys every security provision possible to defend users’ data, but the weakest link in security will always be careless humans. All of the security provisions in the world cannot stop a hacker who has your username and password. Just as problematic is the use of weak or easily guessable passwords. (For example, “Password” is never a good password.)
Nextpoint applications have tools in place to guard against both of these problems, including password strength requirements, two-factor authentication, and “login history” functionality found in the My Profile section within any Nextpoint application. Administrators can review when any individual last logged in through the Dashboard view. It’s also useful to review the history within an application to see if any unusual or unauthorized transaction has taken place.
Don’t Be the Weakest Link in Data Security
There are several basic steps that can help prevent social hacks. First, limit permissions to only those trusted users who must access client data in order to do their job.
Next, always limit the number of advanced and administrator-level permissions to only the staff who absolutely must have such access. Above all, initiate a policy limiting when and how new users can be added, and control access to reset passwords and other credentials.
Always be very suspicious of any emails or messages requesting access to an application. It may not be unusual for a team member to tell you they have lost their password, or to email a request for a new PIN.
Unfortunately, it is easy for anyone to spoof an email address or even pretend to be someone else on the phone. Take advantage of the tools available to continually monitor access, and whenever possible, limit the number of people who can log on to your system.