Should you care about how your employees protect their personal passwords? Depending on your password protection policy in the workplace, your employees may create passwords based on familiar passwords they use for personal use. Cybercriminals often hack personal websites for privacy information, including username and passwords, so they can gain access to internal systems. Offering tips to your employees on creating strong passwords may help you protect your valuable corporate data.
Passwords are essential for keeping information safe. Since they are a fact of life, we need to know how to keep our systems secure. This takes individual and corporate responsibility.
First, individual responsibility. What best practices can individuals establish to keep login credentials safe?
Start with a Strong Password
Create a strong password, instead of using easy guesses: Though they may be hard to remember, they are also hard for someone else to guess—and hack. Use combinations of capital and lower-case letters; if possible, include numbers and other special characters if your system allows. Numbers can replace letters (3 for “e”, @ for “a”, etc.). Avoid passwords using names of family members, pets, employers or favorite bands. Completely avoid default passwords like “password” or “admin.”
Change Your Passwords Frequently
Just like you change your smoke alarm batteries, you should change passwords even more frequently. According to a 2014 CompTIA Network+ training blog, change passwords every 30, 60 to 90 days or so. Even if a hacker or malicious site (“malware”) gets the old password, that password cannot be used. Tagging a number to a previous password or using a similar password isn’t safe enough; the new password needs to be substantially different.
Don’t Recycle Passwords
It may seem like a shortcut to have the same password for multiple sites (so you don’t have to remember so many credentials). But if a hacker gets access to the password for one account, they can access multiple accounts.
Don’t Share Your Password
This may seem obvious, but don’t share your password even with people you trust. When you share a password, you lose control over what happens with the password, yet you are also responsible for the consequences of misuse.
Keep Business and Personal Account Logins Separate
That is, don’t use the same password for online shopping or social media accounts as for a system login at work. Data breaches occur, and if a password for a personal account is the same as for a professional account, a hacker can access confidential information easily and cause damage to more than just one account.
While individuals may know all these guidelines, employers can and should have systems and practices in place to help individuals keep confidential information secure. Here are some ways employers can do this:
Relieve the burden of remembering multiple passwords. At the very least, instruct your workers to store their passwords in an encrypted document that only they can access. Better yet, invest in a password management system that automates strong password generation and update requirements, and manages user permissions. Passwords are stored in secure vaults that are also easily accessible.
Add a step, by using multi-factor authorization. Complex passwords are a good start, but remembering one – let alone many—is challenging. Multi-factor authorization provides a one-time password or PIN through a smartphone, token or fob. Use hand in hand with SSO (single sign-on) to boost productivity and make security even stronger. Workers will spend more time getting work done, and less time trying to remember passwords.
All of these precautions—both individual and corporate—are needed to keep confidential information safe. Individuals can develop strong passwords, and corporate IT departments can implement tools and systems to help them.
Contact your network consultant and IT Security specialist for more information on how you can implement controls to ensure your company passwords are protected.