Cybersecurity is made up of three factors: people, processes, and technology. Deskie supports several methods aimed at ensuring the security of agent accounts, covering all three aspects. Looking ahead, it's worth noting that the most effective approach is to utilize available measures in combination.

According to research by Cisco, the readiness of over half of the world's companies for cyberattacks is below average. Experts agree that one of the main security threats to both personal and corporate accounts is unawareness of the threat. The simplest example: weak passwords. Users don't want to bother themselves with memorizing a long and meaningless combination of letters, numbers, and symbols, so they use passwords for personal and work accounts based on their pet's birthdate or the last digits of their home phone number.

There is no simple solution here. We recommend working with employees along two lines of actions.

The first is to explain the value of data itself. Unfortunately, the most common reason for careless attitudes towards computer security is a lack of understanding of the existing risks. People often think, "We're not a bank, who would be interested in our data anyway..." Meanwhile, scammers are demanding ransom for the data of schoolchildren's social insurance or hospital patients. And these trends in cybercrime will only gain momentum.

The second task is to inform the team about the existing methods of hacking. If you are responsible for security in a young and progressive team and believe that there is no need to inform the team about the dangers of opening "happy emails" or cases with flash drives of unknown origin, you are mistaken. Even technically skilled specialists can fall victim.

In Deskie, you can allow agents to come up with their own account password, or you can add agent's data in bulk when creating an account and set the login parameters as you see fit.

Take into account the general recommendations for creating passwords:

• the password should contain a minimum number of characters (recommended 15-20);
• it should include a combination of lowercase and uppercase letters;
• it should contain numbers and special characters.

However, relying only on a complex password and the prudence of your employees is not recommended. Even the most complex password can be stolen or hacked, so a combination of methods is more important.

IP access restriction allows authorization in Deskie account only from certain addresses specified in the settings. Many of our customers use this functionality. But if the team is distributed and everyone works from their personal device connected to a home or, sometimes, public network - problems are inevitable. Of course, Deskie provides various options for adding IP addresses, such as masks or multiple IP addresses added comma-separated. But in situations with dynamic IP, you can't take into account all the options.

A reliable and at the same time convenient option is to use a corporate VPN. Such a virtual network with access only for agents allows you to transfer data through an encrypted channel. As a bonus, this solution will allow you to work with services blocked in your country.

In combination with restrictions on IP-addresses, corporate VPN gives a sufficiently high additional level of protection from unauthorized access.

Two-factor authentication (2FA) is another way to effectively protect your account. This method is not impenetrable to attackers, but it makes life very difficult for them. For example, a couple of years ago Google started forcing users to enable 2FA, and the number of successful hacks was cut in half.

Do not confuse that method with two-step authentication, when you are asked first to enter a password and then - a pin or a code word. The fundamental difference between 2FA is that the data requested at each stage is of different origin. That is, if the password is something you know, in the second step you will be asked for a code from an app or Telegram (something you should get).

In Deskie, 2FA can be set up for both agent and admin accounts.

Two ways to receive codes are provided - through a specialized app or through a Telegram bot. At the initial setup you need to configure both, and then you can choose which one to make the main one.

In addition, you get a list of backup access codes in case the device with the authenticator app is not available.

The highest level of account security is achieved by combining all three methods discussed above: password policies, the use of corporate VPNs in conjunction with IP restrictions, and the implementation of 2FA. This approach makes unauthorized access practically impossible.

Let's say you have implemented all the recommended security measures. Does this mean that your company's data and your customers'' data are safe? Of course not. There always remains the most dangerous risk factor — human error. However, the absence of a 100% guarantee does not mean that you should not build your own personal digital Fort Knox.