How secure are your systems and data? More than 80% of data breaches are caused by password disasters. A huge part of keeping your important business information and sensitive files safe is making good, strong passwords and reinforcing them with powerful security tools to protect them from hackers. But when many folks think about improving password security, they’re thinking of adding characters to their passwords like capital letters or numbers, maybe even a punctuation mark.
These days, that’s simply not good enough. In a 2020 study, 42% of respondents said that their organization had been compromised because of a bad, stolen or cracked password. In a record-setting cybercrime risk landscape, every organization must do more to secure their access points.
This World Password Day, we’re taking a look at 3 password security DOs and 3 password security DON’Ts to help you keep your data in and the bad guys out.
DON’T: HANDLE AND STORE PASSWORDS UNSAFELY
Pay attention to how employees are storing their passwords. Most people are aware that writing your password on a sticky note and putting it on your monitor (or keyboard) is not a good idea, but that isn’t the only bad way to store passwords. Remind employees not to store their passwords in electronic documents either. Just say no to storing passwords in email, Teams messages, spreadsheets, Word documents, Trello cards and any other text-based document to keep them safe. Ideally, passwords should be stored in a secured format, like a secure shared password vault.
DO: MAKE A FIRM PASSWORD POLICY
Make it harder for the bad guys to hack into your systems or crack a password by practicing good password hygiene. There’s an excellent free guide from the National Institute of Standards and Technology (NIST) that details password best practices and it is considered the accepted industry standard guideline for password creation. Use it to create your own password policy. Make sure that policy applies to everyone and is strictly enforced – highly privileged manager, administrator and executive passwords are especially prized by cybercriminals, and that’s something you definitely don’t want to get out.
DON’T: FORMULATE OR ITERATE PASSWORDS
Does your LinkedIn talk about how devoted you are to the Maryland Terrapins? Is your Facebook full of Baby Yoda memes? Are you constantly retweeting Critical Role? Awesome – just don’t use any of those things to make your password. Basing your passwords on easy-to-find information about you is dangerous, but based on analysis of the data that we collected in 2020, 59% of employees use a person’s name or family birthday in their passwords, 33% include a pet’s name and 22% use their own name. On top of that, 49% of users will only change one letter or digit in one of their preferred passwords when required to make a new password. Don’t make it that easy for the bad guys.
DO: USE A UNIQUE PASSWORD EVERY TIME
After constructing a strong password, you can’t just keep reusing it. The average user reuses a password about 14 times, and 39% of people admit that they use their favorite passwords interchangeably across both their work and home applications. In a recent study, investigators also found an estimated 543 million employee credentials for Fortune 1000 companies circulating on commonly used underground hacking forums, a 29% increase from 2020. Every application and device should have a strong, unique password. Not the same password you usually use with a number on it. Not a sequence of numbers. Make a brand new password that conforms to your guidelines every time.
DON’T: SHARE PASSWORDS
Yes, it can be annoying to find the one person who has access to something, especially with people working remotely. It’s definitely a huge pain in the butt to add and remove user access from applications all the time. Of course, it makes it easier to get that change made when you have an administrator password handy. But that is a road to ruin. Never share your password with another employee or give it out in an email, message or over the phone. Take the pain out of changing access and permissions and give everyone their own, unique launchpad that’s adjusted to their access level by using a login solution that offers Single Sign On (SSO).
DO: USE MULTIFACTOR AUTHENTICATION
Even if all of your users are following a sensible password policy, practicing good password hygiene and creating strong, unique passwords every time, that’s not going to keep your systems and data safe. Passwords can be phished, stolen, sold, hacked, cracked…the list is never-ending. But one single tool can keep your business safe from 99.9% of password-based cybercrime: Multifactor Authentication (MFA). Experts in every corner of tech agree that MFA is a must-have, including Microsoft, Google and the US Cybersecurity and Infrastructure Security Agency (CISA). It’s a requirement for compliance in myriad industries including healthcare, defense, law enforcement and finance, or if you’re bidding on federal or state contracts.
Putting powerful access management in place is simple and affordable – and you don’t even need to buy more than one solution. Our password management tools pack everything that businesses need to secure their systems and data the right way into one powerhouse package that starts protecting your business immediately. Plus, you’ll never spend time waiting on a password reset again!
We’re ready to help you celebrate World Password Day by taking your organization’s password security to the next level. Don’t roll the dice with password security for another day. Contact our solutions experts and let’s get started!