Written by Ron Stinson II – Director of IT & Security 

Headlines surrounding our personal online security, software hacks, and data leaks seem to be more commonplace in today’s news cycles. According to Forbes, 4.1 billion records were reported as compromised through breaches in data security in the first half of 2019 alone. Could you imagine accomplishing everything you had to do in a workday – let alone a business quarter – without putting “data” into an online system or browser?

In our virtual world, it feels more and more like your name is not yours and your email is not yours; they seemingly belong to whoever you talked to or engaged with. Then they mistreat that data and don’t take care of it as you would, which has resulted in a slew of new data privacy laws. California is the first in the United States to formalize laws to protect consumer data with the California Consumer Privacy Act (CCPA), but we see many fast followers up ahead. (We’ve made a few updates to our Privacy Policy to provide you with more transparency and support the new legislation.)

Too often you find out well after the fact that your online identity has been mishandled and is now part of a massive data breach. For instance, over 65% of breaches in 2019 alone were from the business sector (Forbes, 2019), which means even if you didn’t send or receive a phishy email, your data could have been compromised simply by owning an iPhone, playing Fortnite, or banking with Capital One. It’s pretty scary when you consider the one thing standing between your company’s most critical digital assets and a hacker is ... a password.

So, how do you create a culture within a company around security in order to ensure that your company’s IP and digital assets are safe? 

  • Fine-tuning your level of permissions
  • Encouraging strong passwords and Single Sign-On (SSO)  
  • Adding Two-Factor Authentication (2FA)  

Finding the Right Balance – Security & Usability 

Chances are you’ve heard this recipe before: “your password must contain one uppercase, one lowercase, one number, one special character, the minimum of 8 characters…”. Unfortunately, those are only minimum password criteria, and even worse? They’re antiquated. In order to keep unwanted individuals out of your account, you need to make it difficult, like having a unique password and username per application you use. The problem in making it difficult? It ultimately makes it more difficult for you, too. The crutches we fall back on are the things we do that make our life easier – in the case of software logins, this exposes us to risk. How many of us fall back on something easy to remember? Well, out of all of the accounts that were hacked in 2019, 2.8 million had a password of “12345” (NordPass).

As you log in to your email to download important files, or export completed proposals from robust platforms, like Cosential, your data’s security should be an underlying thread in every aspect of your day-to-day. In the same way that you work hard to ensure your firm’s expertise is the best suited for even those large-scale projects, we view protecting your privacy and data the same. The work you do in our platform is important, and it’s in trusted hands in our cloud.

While we’ve had SSO for a while, we’ve recently introduced 2FA into the mix, as well. These are both easy ways we’re equipping you with that peace of mind while you continue to go out and win more projects and add your firm’s expertise to the built world. Here’s a myth-buster on the world of Permissions, the subtle differences between SSO and 2FA, and how to infuse them into your daily routine:

It only takes one weak link. 

What’s the bad rep with Permissions? It’s not necessarily to keep secrets from one individual. Think of it this way: the more people that have a wide breadth of access to a system, the greater the chance of your system being compromised. Granting just enough permissions on a need-to-know basis is an easy fix for creating a more stable business environment.

We need an easy button. 

We’re only human! We are likely to default to 8-character passwords; that’s why we’ve got SSO.

  • SSO is a layer that keeps you safe so you don’t need a million different user names and passwords. The complexities are taken care of for you automatically instead of you trying to commit unique passwords to memory.
  • Streamlining your sign-on actually strengthens your team: fewer passwords to remember. Even better? One point of access minimizes the likelihood of using easy-to-crack passwords.
  • SSO protects your accounts in one fell swoop. So, if someone leaves a firm or their data gets hacked elsewhere, there is one “off-switch” for unwanted access to other applications.

A little speed bump is good for us. 

Two-Factor Authentication (2FA) is like a secret handshake. It’s a small act to confirm you should be let into the club... err, application.

  • 2FA takes a unique personal identifier, like a mobile number, to prove that ‘you are you’ before allowing you to sign in to an application. It’s often described as a little speed bump to slow down someone with bad motives.
  • From your personal identifier, 2FA sends you a unique single-use and short-lived code for you to securely log in to your account.
  • Missed the boat with SSO? If you’re a small firm and still want that level of security, we offer 2FA at no additional cost. 

 

Your data is important to us. You need to put it in trusted hands. Learn more about how Cosential decreases risk associated with hacks and compromised data with an extra layer of protection to your account.