Top 5 Security Tips for Email and Social Media Accounts
April 26th, 2017 by admin
Email and social media accounts provide a wealth of cyber security challenges for businesses. Hackers often look for exploits in account operations to steal information and seize control—both of which can be extremely damaging and difficult to combat.
A compromised account is a problem for any business, but the confidential nature of financial, legal, and healthcare data means the stakes are even higher for these industries.
The following five tips highlight ways your business can protect its digital assets from malicious seizure and abuse.
1. Protect Yourself with Internal Accounts
Old, unused email and social media accounts aren't just clutter: They're metaphorical Trojan horses. Staff should use an internal email address (e.g., one at yourbusiness.com) whenever this is feasible. It's possible that an email or social media provider will recycle unused account names at some point, and whoever claims a recycled name can use it to steal access to any contingent account still tied to the original. However, internal accounts may not always be possible, as in cases like Google services requiring a Google account.
2. Use Stronger Authorization Credentials
While only available on some platforms like Google and Apple, 2-step verification is among the best available security practices to keep your accounts safe. These systems work by sending a text message with a time-sensitive code to your mobile device that needs to be entered any time someone logs in to the account using a new device. Even if the password is compromised, 2-step verification prevents account access without the associated mobile device.
3. Avoid Reusing Passwords
If you can't use 2-step verification, a strong, unique password is your next best option. Email addresses are often used by different online services as an account identifier and password recovery method. If someone is able to reactivate an old email account, or create a new one that uses the same address, they can use "forgot" or "reset" password commands for accounts tied to that email address in order to seize access.
This situation is especially hazardous when staff members use the same password for all accounts. In these cases, email-based password recovery systems will not just restore access, but hand over the password.
4. Delete Over Deactivate
Make sure accounts are actually deleted, not just deactivated. Old, deactivated accounts that your staff isn't paying attention to become low-hanging fruit for hackers. To put it bluntly, the more accounts tied to your company's internal services, the more avenues hackers have to exploit. Limit your exposure by closing unused accounts.
5. Remove Contingent Permissions
If you've deleted an account, it's wise to remove any internal permissions in other services tied to it, so that someone else who creates a new account with the same details does not inherit them. Email-related logins may still work on other services even after the account has been deleted.
For example, don't just delete a departing employee's Gmail account; remove their account permissions from Google Analytics and Facebook account management as well. Your team should also make sure any contingent service accounts connected to that email address are removed. It may help to work with an IT consulting service to devise a cleanup procedure for employee departures.
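One way to check the cleanup described in tips 1, 4 and 5, as an added example that is not part of the original post: it compares each service's user list against the staff roster and the list of deleted accounts. It assumes every service can export its users as email addresses; the function names, the roster and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

INTERNAL_DOMAIN = "yourbusiness.com"  # assumption: the company's own mail domain

# Constructed sample data, standing in for HR records and per-service user exports.
ACTIVE_STAFF = ["alice@yourbusiness.com", "bob@yourbusiness.com"]
DELETED_ACCOUNTS = ["carol@yourbusiness.com", "dave.old@example.org"]
SERVICE_GRANTS = {
    "Google Analytics": ["alice@yourbusiness.com", "Carol@yourbusiness.com ",
                         "dave.old@example.org"],
    "Facebook account management": ["bob@yourbusiness.com", "bob.home@example.net",
                                    "erin@yourbusiness.com"],
}

@dataclass(frozen=True)
class Finding:
    service: str
    email: str
    reason: str

def normalize(email):
    """Trim and lower-case so differently typed copies of an address compare equal."""
    return email.strip().lower()

def audit_grants(active_staff, deleted_accounts, service_grants):
    """Return a Finding for every grant that should be reviewed or removed."""
    active = {normalize(e) for e in active_staff}
    deleted = {normalize(e) for e in deleted_accounts}
    findings = []
    for service, grantees in sorted(service_grants.items()):
        for email in map(normalize, grantees):
            domain = email.rpartition("@")[2]
            if email in deleted:
                # Tip 5: the account is gone but its permission was left behind.
                findings.append(Finding(service, email, "deleted account still has access"))
            elif domain != INTERNAL_DOMAIN:
                # Tip 1: an outside provider controls this name and could reissue it.
                findings.append(Finding(service, email, "external address"))
            elif email not in active:
                # Tip 4: internal address with no current owner on the roster.
                findings.append(Finding(service, email, "not on active staff roster"))
    return findings

if __name__ == "__main__":
    for f in audit_grants(ACTIVE_STAFF, DELETED_ACCOUNTS, SERVICE_GRANTS):
        print(f"{f.service}: {f.email} -> {f.reason}")
```

External addresses that a service genuinely requires, such as a Google account, still show up as findings so they can be reviewed rather than silently trusted.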
If your business is looking to secure its digital assets, MPA Reliable Networks Email service is a great place to start—not just for its risk mitigation security benefits, but also its productivity and continuity perks. Contact us today for more information.