It seems like only yesterday the Times Square ball was dropping, ushering in a fresh New Year. But if you’re like most businesses that hit the ground running in the new year, you’ve barely had time to reflect, let alone make important cybersecurity changes.
It’s not too late to take a moment and reassess an important yet often disregarded security priority: passwords. Whether your employees are using “123456” (on a Post-It Note) or you have a sophisticated two-factor authentication system in place, reviewing the latest password best practices can give your company the security boost it needs.
You Can’t Control What You Don’t Manage
The first step for IT professionals is to address shoddy password practices by gaining back control. Yes, passwords shouldn’t be shared, but your company’s IT managers must have access to and control of employee passwords. And it doesn’t stop at their business passwords. If they are accessing social media, online shopping or other sites on company computers, their personal passwords could provide entry into your business systems.
Education Is Key
Don’t let your employees unwittingly lay out the welcome mat for hackers. If they understand what’s at stake, they’re more likely to work with you to help create a perimeter layer of defense. “I didn’t know” is not something you want to hear after an attack.
Employee Password Education Best Practices
- Talk About Security: Create a climate of awareness. This isn’t just about passwords. Let employees know the threats other businesses are facing so that they are aware and on guard. Solicit their valuable feedback and be responsive.
- Don’t Forget the IT Department: It’s not just non-tech-savvy employees. IT workers are often targeted because they hold the keys to the kingdom. Just because someone is in the IT department doesn’t mean they’re immune from the rules.
- Set Up an Excellent Password Protocol. Choose easy-to-remember, hard-to-guess passwords. Some experts recommend phrases, such as “I love hot weather.” Don’t reuse passwords. At the very least, separate personal and business accounts and use your toughest passwords for company data.
- Remind Workers Not To Reuse Passwords! In 2012, a Dropbox employee’s password was stolen, compromising 60 million accounts. The password was initially stolen in a LinkedIn breach, and that same password was used to break into Dropbox.
Consider a Password Manager
You may want to use a password manager for your business and employees. A password manager is software that allows you to create a unique and strong password for every site or secure login. Password managers can create, store and auto-fill passwords for users across all online accounts.
Features to look for in a password manager include encryption, cross-platform and cross-browser synchronization, mobile device support, secure credential sharing, and support for multifactor authentication.
Here are a few recommended by the experts.
- 1Password https://1password.com/: Says you only ever need to know one Master Password.
- Dashlane https://www.dashlane.com/features/password-generator: Strong, unique passwords for all your accounts.
- KeePass https://keepass.info/: Free, open-source password manager.
- LastPass https://lastpass.com/lastpassfour/: Makes password management easy.