Does Your Company Have a Password Policy?
No matter how many times IT professionals try to hammer home points about smart password usage, most users still are not getting it.
A recent report by password manager company LastPass revealed that about 40 percent of companies manually manage passwords. The report also showed that more than 50 percent of companies allow employees to monitor their own password behavior.
We’d like to say we’re surprised by this lack of security, but we’re not. Even after years and years of reports about valuable company data being compromised by hackers through weak password systems, most business owners just don’t make password management a top priority. Why is that? It’s difficult to say, but about 45 percent of the people surveyed by LastPass said password management negatively impacts their productivity.
How to create a strong password policy
A strong password policy for small to medium-sized businesses has never been more important to ensuring total data security. Keep in mind that your company’s data is only as secure as its weakest employee password. A poor password by just one employee can result in massive risks to your business. With that in mind, we thought we would offer some tips to creating a strong password policy at your company.
Use the 8+4 password rule
Do you know what 8+4 equals? When it comes to passwords, security. Simply stated the 8+4 rule encourages users to use at least eight characters and at least one upper case, one lower case, one number and one special character. A good example of this rule would be something like this: w4-vh4)zBYXy
Sharing is not caring
Never, and we mean never, share your password over any kind of digital format, including email, text message or instant messaging systems. Leaving password fingerprints in unsecure locations is an open invitation to hackers. While we’re at it, it’s also important not to share passwords among more than one employee. If more than one employee needs access to the same information, simply create another user account.
Don’t get personal
Avoid using personal information in passwords. If a hacker has targeted a high-ranking employee at your business, it won’t take them long to comb through social media to find personal details they can use to attempt to crack that person’s passwords.
Avoid “Remember my password”
Most programs, websites and browsers that require password use are also offering options to automatically “remember” your password. While this is an incredible handy tool to use so you don’t have to remember all your passwords or type them in, it’s also another place where your password can live without you knowing who has access to it. Avoid these tools if at all possible.
Don’t put pen to paper
We’ve seen it a hundred times. Employees with sticky notes covering their workstation with scribbled passwords. Granted, for the most part you should be able to trust your co-workers not to use your passwords for nefarious purposes. But what about people who come into the office after hours or when you’re not there? Do you want to give them such easy access?
Change it up
The longest employees should go with a password is six months. If your company has a master calendar, set up a reminder to be sent out to all employees. While it’s difficult to ask employees to have different passwords for all applications, mixing it up across platforms is another good idea.
Protect all devices
It’s not uncommon today for employees to have two or more company-owned devices. From laptops to tablets to mobile phones, it’s essential that all company devices be password protected.
Get a check-up
If you find it difficult picking a strong password, don’t worry. Help is available. Many password manager companies offer password strength tools. We recommend using this one from LastPass. This checker doesn’t store passwords you enter and is run locally on your machine.
If your company is lacking a password policy or basic IT protection that could prevent catastrophic loss of valuable data, call the Managed IT providers at BKS Systems. We can help get you on the right path!