A note from Julien Soriano, Chief Information Security Officer at Box
At Box we understand how crucial your content is, and we are committed to ensuring it is secured. But we can’t do it alone: we need your help driving security capabilities that help protect your organization from being compromised and ensure your content is kept in the right hands. With 82% of data breaches involving a human element, account takeover (ATO) represents a major threat these days, and that means your organization’s security must start with enabling strong identity credentials and authentication controls.
Multi-factor authentication, or MFA, is one of the most potent tools available to admins when it comes to verifying user identity. Bad actors frequently use stolen credentials to take over accounts protected only by passwords, evading security controls and accessing content, so MFA introduces an additional layer of authentication. When you enable MFA within Box, users will be asked at login to provide a code delivered by email, app, or text. With MFA, even if a user has their password credentials stolen, the bad actor won’t be able to directly breach your organization. Box also supports a number of enterprise single sign-on (SSO) solutions, which serve a similar identity verification purpose but span multiple services in enterprises configured to support SSO.
Check how to enable multi-factor authentication for your organization.
Another critical component of any effective content security strategy is maintaining good password hygiene. Making sure your organization uses strong, regularly updated passwords is vital in a world where anyone with a computer and an internet connection can access and deploy malicious software, or buy lists of stolen passwords by the thousands. It is critical to ensure that your users are not re-using passwords across multiple sites, and to stay vigilant for major external breaches that could compromise your employees and potentially require a password reset. Box enables you to require strong passwords for both internal and external users to access content, and to set the rate at which user passwords need to be refreshed. These strong passwords should be complemented with MFA for strong credential protections against account takeover (ATO).
Check how to enable strong passwords for external collaborators.
The strongest access policies in the world won’t protect your content if you don’t verify who you’re letting through the front door. This was just a brief overview of some of the ways Box can help you ensure the identity of users accessing your organization’s critical content.
Watch this video for an overview of these and other security best practice settings, and if you have any questions please don’t hesitate to reach out.
Thank you,
Julien Soriano
Chief Information Officer, Box