Passwords can be the back door by which hackers access your computer systems, potentially creating great risk. Especially for companies in the tech space, it’s more important than ever to make sure proprietary data is appropriately gated and securely hosted, that access permissions are strategically allocated, and private information doesn’t become unprotected in a public forum.
Unfortunately, security warnings, especially as they relate to passwords, often fall on deaf ears. Users blithely ignore warnings about password security, and we continue to see the popularity of passwords like “123456,” “password,” and “qwerty”—those unfortunate login choices that sit atop SplashData’s Worst Passwords of 2015. For IT pros, educating employees, establishing strong password protocols, and committing to ongoing education are the keys to keeping your organization, and your data, more secure. Let’s explore.
Educate Your User Base and Customers
Staying secure requires more than just wishing your team would make better password choices. It’s going to require ongoing action and education to address this potential security issue and to keep your team on their toes. Start by assuming that your employees don’t know the risks associated with weak passwords. People tend to look for the easiest solution to a password requirement, so a password that’s super simple to remember, and/or one that they reuse without modification on multiple sites, is often a no-brainer. They aren’t thinking about the dangers of insecure passwords and the risk those passwords open up for the company as a whole (or for your customers). Educate them on those issues, on an ongoing basis, and everyone will benefit.
It also behooves businesses to educate customers on the dangers of insecure passwords, not just internal personnel. Using your email newsletters, corporate blogs, or social media channels as educational tools for the dangers associated with weak passwords can make the Internet a more secure place to work for all.
Create Login Systems That Require Strong Passwords
You can educate your employees on the structure of good passwords, but it’s also a good idea to reinforce that idea company-wide as much as possible. Do that by creating protocols for internal login systems, and require that passwords be a minimum of eight characters long, contain at least three uppercase and three lowercase letters, and include numbers and symbols. Also, make sure your employees understand the importance of using strong passwords on their personal devices as well. In a study published by Centrify Corporation, more than 43 percent of respondents admitted accessing sensitive corporate data on their personal device while on an unsecured public network, such as at an airport or a coffee shop.
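To make the rule above concrete, here is an added example (not code from the original post) of a policy check an internal login system could run: it enforces the eight-character minimum, the three-uppercase/three-lowercase requirement, and the digit and symbol requirements, and it also rejects the SplashData entries the post quotes. It goes slightly beyond the text by stripping trailing digits and symbols before the denylist comparison, so that “Password123!” is still caught; the `WORST_PASSWORDS` set is a constructed stand-in for a full denylist.

```python
from __future__ import annotations
import re

# Policy stated in the post: minimum eight characters, at least three
# uppercase and three lowercase letters, plus at least one digit and one symbol.
MIN_LENGTH = 8
MIN_UPPER = 3
MIN_LOWER = 3

# Constructed denylist seeded with the three SplashData 2015 entries the post
# names; a real deployment would load a much larger list (assumption).
WORST_PASSWORDS = {"123456", "password", "qwerty"}

# Strips trailing digits/symbols so "Password123!" is compared as "password".
_TRAILING_NONLETTERS = re.compile(r"[^A-Za-z]+$")


def on_denylist(candidate: str) -> bool:
    """True if the candidate, or its letters-only core, is a known-worst password."""
    core = _TRAILING_NONLETTERS.sub("", candidate).lower()
    return candidate.lower() in WORST_PASSWORDS or core in WORST_PASSWORDS


def check_password(candidate: str) -> list[str]:
    """Return the list of policy violations; an empty list means it passes."""
    problems: list[str] = []
    if on_denylist(candidate):
        problems.append("appears on the known-worst-passwords list")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(c.isupper() for c in candidate) < MIN_UPPER:
        problems.append(f"fewer than {MIN_UPPER} uppercase letters")
    if sum(c.islower() for c in candidate) < MIN_LOWER:
        problems.append(f"fewer than {MIN_LOWER} lowercase letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    # A symbol is anything that is neither a letter, a digit, nor whitespace.
    if not any(not c.isalnum() and not c.isspace() for c in candidate):
        problems.append("no symbol")
    return problems


if __name__ == "__main__":
    for pw in ("qwerty", "Password123!", "VeryStrong-Key42"):
        print(pw, "->", check_password(pw) or "OK")
```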
Even after you have created a more secure employee password system, long-term security is not guaranteed. Your internal procedures should require users to change passwords on a regular basis, and you can facilitate that by setting reminders for them. Changing passwords every 90 days is a good place to start, so try implementing that policy and see how it goes. While you’re reminding your employees to change passwords, put systems in place that require your customers to update their passwords regularly as well. This will help keep sensitive data more secure, and once people get used to these practices, they will soon become the norm.
Go Further With Additional Security Measures
You can implement some additional security measures that will help create more secure data protection throughout the company. These include:
Single sign-on. The single sign-on method is just as it sounds—rather than signing in to multiple places, single sign-on users only have to sign in once because the systems are combined. Single sign-on improves productivity and can help with employee time management. Keep in mind, though, that the single password must be ironclad, because it now unlocks every connected system and the data loss risk grows accordingly.
Biometrics. Biometrics describes a markedly different category of ways to grant access to gated systems and their data. Examples include fingerprint scanners and voice recognition software. The monetary and resource investment for biometric initiatives can be high, but it eliminates the need for passwords altogether.
Two-factor authentication. Two-factor authentication (sometimes referred to as 2FA) is a popular security tool because it combines more than one method of proving identity. It hinges on the belief that an unauthorized actor will be hard-pressed to supply both factors required to gain access to a device, system, or application.
With these systems, logins can be verified through a variety of means – desktop/app, via code/text, or via single sign-on/voice recognition – but what it all boils down to is having two of these three methods:
- Something you know, such as a password or passphrase
- Something you have, such as a token device or smart card
- Something you are, such as a biometric
In any of these instances, there are multiple layers of security factored into the process, making it more difficult for cyber attackers to gain restricted access.
What Do We Do From Here?
It’s clear that the use of inadequate passwords is dangerous—to individuals, to the company, and to your clients as well. The risk of being hacked is no laughing matter, with breaches in the news on a daily basis. Security is top of mind for businesses and IT pros the world over, and no doubt it’s on your mind, too. Educating employees about risk, creating systems that ensure password protocols are followed, and providing ongoing training and assistance can go a long way toward keeping people safe.