We all use passwords to log in to applications at home and in the office. From email applications, to CRMs, to even gaining access to a company’s Wi-Fi network, most of us have to enter a user name and password to log-on. Even though applications require passwords for access as security measure – with a little work and patience, someone can easily crack a user name and password to gain unauthorized access to a system or an entire network.
Did you know that one of the easiest ways an outside third party is able to hack credentials such as a username and password is due to human error? This is often because organizations don’t enforce strict guidelines for password creation and storage, which can put system access at risk.
Here are four do’s and don’ts for improving password security:
Require Complex and Unique Passwords
While this may sound like a redundant recommendation, you’d be surprised to find out how many companies have lax requirements for the strength and complexity of passwords on their systems. Employees should not be allowed to use passwords that could easily be cracked such as birthdates, pet names, or simple numeric combinations such as 123456. Even if employees do have strong passwords, they often fall into the habit of using the same password for multiple authentications. For example, the same password they use to log onto their workstation is used to log into their email as well as gain access to the company’s content management system. If someone on the outside is able to crack the password for one application, they could easily gain access to multiple areas.
Don’t Allow Sharing of Passwords
It’s easy to think that all employees have their own passwords they are in charge of, but often organizations will share passwords amongst multiple staff members. This is often the case for social media accounts as many individuals work to manage these accounts. Password sharing is also prevalent amongst interns and temporary employees who are not given their own unique credentials to log onto the system. Get in the habit of making unique, individualized credentials to reduce the risk of log-in information falling into the wrong hands.
Advise Your Employees to Keep Passwords Somewhere Safe
Establish strict guidelines for where your employees should store their credentials. For example, user names and passwords should never be kept on a post-it note on the wall of someone’s cubicle, on a computer monitor, or under a keyboard. User names and passwords also shouldn’t be sent together over email or text message. Instead, user names and passwords should be stored in separate locations, away from other eyes in the office.
Change Your Passwords, and Do it Frequently
Often times a vender will provide default credentials for products and or services. For example, many devices such as computers and wireless routers come with the default user name of “Admin” (often admin is also used as the password). These default credentials need to be changed immediately after initial set-up. Although it might be easier to simply use the credentials provided by a vendor or service provider, companies need to change these passwords to something that is unique to only the users accessing the devices or services. Additionally businesses should consider having their employees change their passwords at regular intervals (such as say once every three months).
While a lot of these recommendations may sound like common sense, you’d be surprised to find out how many businesses don’t follow these guidelines. Want to make sure your business is following best IT security practices? Contact Roan Solutions today to speak to one of our IT consultants.
