When leaving the office at the end of the day we all check to make sure that everything is secure and locked up. We only share the key to our office with a trusted few people. But we can tend to be more careless with creating and securing our passwords that give access to some of the business’s most sensitive information.
Today, passwords are required to sign in to most accounts, websites, and cloud-based software. So your employees are required to create and remember multiple passwords to be able to access the tools needed to do their job. They may store these passwords in a notebook that could easily be lost or stolen. Maybe they have multiple sticky notes or little pieces of paper displayed all over their work area advertising access to your business’s information.
Passwords are still one of the simplest pieces of information for today’s cybercriminals to decipher and steal. With more businesses using cloud-based software that requires sign-in credentials and employees working remotely, it’s more important than ever to make sure to create strong passwords and store them safely and securely.
Best Practices for Your Employees Creating Passwords
All Passwords Should Be Unique:
With the number of passwords needed, it is tempting to use the same password across multiple accounts. But once someone gets hold of that one password then they have access to all your accounts. So no matter how tempting it is to use the same password for ease of remembering, it is very important to have a unique password for each account or website.
Your Employees’ Passwords Should Not Contain:
- any information that could be found in public records online such as names, addresses, or dates.
- string of letters or numerals that are obvious. For example, asdfgh or !@#$%^ are an easily recognizable keyboard pattern.
- words even if some of the letters have been changed to numbers or symbols. For example, even with changing the word baseball to bas3ba11 it can be easily deciphered. · any string characters that are in the list of the most common passwords.
Restrict Devices Where Passwords Are Entered:
Your employees’ personal devices are more vulnerable to being exposed to viruses and malware that can steal your company’s sensitive information. These personal devices can also be difficult for your company’s cybersecurity to protect. So your employees should be restricted from accessing your business information from their personal devices.
Should you use a password manager?
It used to be that employees only had a few passwords to remember but today many applications and websites they log into requires entering a password. Keeping in mind not to use duplicate passwords, that can mean there are many more to remember and keep track of. That’s where a password manager comes in handy by organizing and remembering for you. Once your employee enters all their sign-in credentials into their vault the only password they have to remember is the master one for their vault.
Plus, password managers can:
- generate long random passwords and a mixture of letters and numerals making them harder to be deciphered.
- save time by auto-filling credentials for online accounts.
- alert you to an unreliable site if a browser-based manager is being used. If the site is not recognized it will not auto-fill the sign-in credentials. Check out cnet.com for some of the best password managers out there; from LastPass a free password manager to 1Password a subscription password manager.
Should your business use a two-step authentication?
Even with strong rules in place for creating and storing passwords, there can still be the threat of them being deciphered or stolen. With today’s sophisticated cybercriminals having the ability to test billions of passwords, an added layer of security is essential in protecting your company’s information.
What Is Two-Step Authentication?
Even if someone gains access to your employee’s password, a two-step authentication adds that extra layer of security by making sure that the correct person is accessing the account. It does this by requiring the user to enter information beyond their username and password.
Examples:
- Verification codes that are sent to a cell phone or email.
- Personal security questions that are unique to the user signing in.
- Biometrics such as a fingerprint or facial recognition.
Even though a two-step authentication can take a few extra seconds and might seem inconvenient, it imperative in today’s world that we all take the extra steps needed to keep our business information safe and secure.
If you want to partner with MainStreet IT to keep your business and employees safe, give us a call at 717-354-8385 or email solutions@mainstreetitsolutions.com.