With revenues of 1.2 billion USD, LogMeIn is among the top 10 SaaS (Software as a Service) companies. One product of this company is the password manager “LastPass”. We mentioned the reasons why the use of a password manager makes sense in an older article. But now LogMeIn is publishing more IT security tips for better password management.
Comprehensive education: One of the most important IT security tips
Various IT security measures, such as the use of a password manager, are implemented only slowly. One of the main reasons for this slow implementation is insufficient education. A password manager requires all employees to change the way they work. The effort involved in the conversion must be understood by every employee in order for the implementation to be successful.
In addition to the explanations for the most important security systems, the “why” should be explained. Only when the employees have understood why a password manager is necessary or why a sensible handling of passwords is unavoidable. If the employees recognize the advantages for themselves, they will accept the effort and get used to new systems.
This IT security tip, however, also includes information about current attack methods. Authentication and password guidelines do not suffice as IT security measures; it is necessary to train employees so that they can recognize phishing e-mails and other threats independently. The ability to detect these threats is promoted by training and phishing campaigns .
In the training courses, or the live hacking, we show the participants how the attackers proceed. We go through the steps together and try to put ourselves in the position of the attacker. Thus we can protect ourselves in the long run and recognize phishing attempts more frequently.
The path we recommend is to start with a phishing campaign. Afterwards, employees should be encouraged through training and be able to recognize typical features of a phishing message. After a certain amount of time, another phishing campaign will be conducted to compare the results of the two campaigns.
Have IT security tested
The education and training of employees sensitizes the human part of IT security. But besides the human being, the technology within a company should also be secure. Updates are one of many IT security tips that are necessary. LogMeIn also mentions that regular penetration testing is an important part of a company’s IT security.
In a penetration test, various technical applications can be attacked from the outside. The security gaps found are handed over to the company in a detailed final report.
Continuity: The best IT security tip
Every day new security gaps are discovered and partially exploited. Systems that are still considered safe today could have been cracked tomorrow. Since this process is very fast-moving, IT security in companies must keep up with this pace. To ensure that all systems are permanently secure, regular penetration tests should be carried out. These penetration tests attack the systems with the latest Trojans and security gaps can be discovered before criminals discover them.
Not only the technical level must be secured by regular tests, but also the human level should be continuously trained. People cannot be made more secure by “updates”, so training and live hacking shows make sense. Phishing messages are becoming more and more professional and therefore more difficult to recognize. We show the participants the latest phishing messages and explain in detail how these messages can be recognized.
This post is also available in: Deutsch (German)