
Back to the Basics: What Organizations Need to Do to Ensure Strong Identity Management Programs

This guest post was contributed by Neil Jones, Egnyte

In my experience, companies with the most effective cyber-protection programs have learned that identity management is a critical first line of defense against potential cyber-attackers. On #IdentityManagementDay – and every day – organizations and their users need to follow best practices in order for identity management programs to succeed. Best practices at the organizational level include:

  • Requiring users to utilize strong passwords and to have passwords updated on a routine basis.

  • Implementing Multi-Factor Authentication (MFA) in as many use cases within the company as possible.

  • Closely monitoring log-ins that occur via remote access technology to confirm that the log-ins originate from expected geographical locations and don’t leverage compromised users’ accounts.

Best practices from a user’s perspective include:

  • Never, ever sharing your sign-in credentials with anyone, as doing so can provide a malicious colleague with a gateway to an insider attack that appears to be perpetrated by you.

  • Not utilizing your business email address or phone number for affinity accounts at supermarkets, pharmacies, etc. Over time, managing such messages from your business account can make you more susceptible to clicking on a phishing email that doesn’t come from a legitimate source because your guard is down.

  • If you’re reading this and one of your passwords includes the name of a family member, your favorite pet’s name, or the location where you grew up, please change it immediately. Many websites base their authentication questions on exactly this kind of information.

For maximum effectiveness, proper identity management should be combined with proven endpoint security and data governance solutions, since it’s imperative that organizations protect what cyber-attackers want access to the most – their data. It isn’t sufficient to protect the technical infrastructure around the data; you also need to protect the data itself.

