Password Recommendations for Internal Auditors
The pandemic has raised the stakes for internal auditors, who must adapt to changing rules while cyberattacks become increasingly sophisticated. Creating strong passwords will keep your information secure, especially with electronic documents and services.
Please consider these recommendations for password audits.
1. Password requirement
– Build in length and complexity by using 15 characters.
– Use upper and lower case letters, numbers, and symbols.
2. Use a multi-factor authentication policy
– Adopt the 2-step approach to security. This ensures protection and verification when logging in from a computer, phone or tablet.
3. Role-based access control (RBAC)
– A method that restricts system access to authorized users. Depending on their role in the organization, users may not be granted access to certain information.
4. Strong encryption at rest and in transit
– Your data is protected where it is stored: on your computer, phone, database or iCloud service.
– Your data is also protected when it moves from one location to another (for example, when sending emails).
– Protect your data from outsiders by implementing cryptography, data encryption keys and periodic crypto-shredding.
5. Patch management and regular vulnerability scanning
– Know what systems are connected to your network.
6. Network architecture and boundary protections
– Secure the use of routers, firewalls, and external networks or information systems to prevent and detect malicious and unauthorized infiltration.
7. Audit logs
– Keep detailed records of all activity. Refer back to them when security is breached.
8. Proactive security monitoring with AI behavior-based protection
– This service detects threats and monitors activities to identify anomalies.
– It analyzes the behavior of objects for suspicious activity.
9. Third-party audits and penetration tests
– Adopting third-party audits will ensure that security measures meet the firm's standards.
– Tests evaluate response time to security threats, protect reputations and products, improve existing security measures and avoid financial damage.
10. Backups and other resilience planning
– When attacks happen, firms need a plan to recover data and applications. Back up your entire computer often. Computer hard drives are cost-effective and easily portable. Flash drives and solid state drives use flash technology to store data quickly.
Internal auditors are trained professionals who independently and objectively assess a company's financial and operational business activities efficiently and effectively. Their responsibility is to protect the company against fraud and theft of assets. In addition, they ask executives to rate the likelihood of certain future risks and check accounts to resolve discrepancies for technology and fraud risks and errors.