Password Basics That Are Still Ignored
So, show of hands (or comments below), who still uses some form of "Password" in their password? You can have all the locks, cameras, pin pads, and guards you want on your data center, and still suffer a breach.
You might have heard, but as the BBC reported, Equifax in Argentina was using 'admin' as both their username and password to access some confidential employee tools, which included customers' national identity numbers (similar to our SSN in the USA). (http://www.bbc.com/news/technology-41257576)
If your employees are sloppy with passwords, or your password policy is ineffective/insecure, all of your expensive security measures virtually useless. There are many ways data can be breached, clicking on risky links, opening emails from unknown/unsolicited sources, etc. Today we’ll just talk about passwords though.
Here are some basic practices that you should require your employees to follow. These are basic tips. System administrators can and should implement other policies, such as those that forbid using passwords previously used and locking accounts after a few failed attempts to login. But just for you as a manager, here are a few tips.
- Change Passwords - Most security experts recommend that companies change out all passwords every 30 to 90 days.
- Password Requirements - Should include a of mix upper and lowercase, number, and a symbol.
- Teach employees NOT to use standard dictionary words (any language), or personal data that can be known, or could be stolen: addresses, tel numbers, SSN, etc.
- Emphasize that employees should not access anything using another employee's login. To save time or for convenience, employees may leave systems open and let others access them. This is usually done so one person doesn't take the time to logout and the next has to log back in. Make a policy regarding this and enforce it
- Enforce a one time, mandatory password changes for a terminated employees desk mates or nearby co-workers incase someone shared (intentionally or otherwise) a password with a terminated employee.
These are just a few basic password tips, but they can make a big difference in keeping your business's sensitive data safe.
ROI Technology Inc. typically manages passwords for our clients. If you have too much to do to deal with implementing and enforcing a password policy, click the button below and lets see if we can work together to secure your business.
Like & follow ROI Technology Inc. on social media for contests, free e-guides, and more!