Top tips to secure your company’s passwords

Good cyber security is essential to protect your business data, but some of the simplest IT security measures can be taken for granted and overlooked. Passwords are used every day and are the first line of defence against malicious attacks, so they should be at the forefront of any IT security plan. Problems that can be very damaging to any business often occur due to carelessly stored passwords or passwords that are too easy to guess.

 

What are the GDPR requirements? 

GDPR states that every business must put in place appropriate levels of IT security according to the sensitivity of the data, as well as other factors, such as being a target of interest for hackers. GDPR does not state any specific requirements for passwords in terms of length, capital letters, numbers and characters, but you must demonstrate that reasonable measures are in place to ensure confidentiality. Many companies have a policy to change passwords every 90 days and use a password management system to ensure that they fulfil their legal obligation.

 

How do hackers get your password? 

Common passwords 

Many people use only two or three passwords; some use a single password with variations, such as a 1, 2 or 3 after it. If that person registers on a site that is monitored by hackers, it doesn’t take the hackers long to gain access to their PayPal, Gmail, eBay and other online accounts.

Guessing 

Hackers find personal information online from social media sites and other websites and use sophisticated computer programs to generate possible passwords.

Phishing 

An email that looks like it’s from a genuine company is sent with an offer or request that tricks you into giving private details and logins.

Brute-force attacks 

Commonly used characters are tried in different combinations. It is best to avoid common passwords such as password, 123456, 111111, 000000 and qwerty.

Shoulder surfing  

Hackers will watch you enter passwords in public spaces like cafes and libraries. Always be vigilant when using your password in public.

 

Tips to improve password security 

Strong password 

Creating a strong password is a vital way of strengthening your security. Make passwords at least 8 characters long and use upper and lower case letters, numbers and special characters. Avoid real words and ordered or sequential patterns, as these make guessing much easier.
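The rules above, together with the common passwords and the "1, 2 or 3 after it" habit described earlier, can be checked automatically when a password is set. The following is an added example, not code from this article's author; the function names, the QWERTY keyboard rows and the `previous` argument (for instance the old password the user has just typed on a change-password form) are assumptions, and the real-word rule is left out because it needs a dictionary file.

```python
import string

# The common passwords the article lists; a real deployment would load a far larger list.
COMMON = {"password", "123456", "111111", "000000", "qwerty"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")  # assumption: QWERTY layout
SUFFIX = string.digits + string.punctuation


def base_form(pw):
    """Lower-case pw and drop trailing digits/symbols, so 'Qwerty1!' -> 'qwerty'."""
    return pw.lower().rstrip(SUFFIX)


def has_run(pw, n=3):
    """True if pw contains n sequential, repeated or keyboard-adjacent characters."""
    low = pw.lower()
    for i in range(len(low) - n + 1):
        chunk = low[i:i + n]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}, {0}):  # abc, 321, aaa
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw, previous=()):
    """Return the list of rules pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = {"upper case letter": string.ascii_uppercase,
               "lower case letter": string.ascii_lowercase,
               "number": string.digits,
               "special character": string.punctuation}
    for name, chars in classes.items():
        if not any(c in chars for c in pw):
            problems.append(f"no {name}")
    base = base_form(pw)
    if pw.lower() in COMMON or base in COMMON:
        problems.append("common password")
    if has_run(pw):
        problems.append("sequential or repeated pattern")
    # The same password with a 1, 2 or 3 added is still the same password.
    if base and any(base == base_form(old) for old in previous):
        problems.append("variation of a previous password")
    return problems
```

A password such as Qwerty1! meets the length and character rules but is still rejected, because it is a common password with a number and symbol added.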

Password manager 

It may sound obvious, but don’t store passwords on paper and don’t ever email passwords. Use a dedicated password manager such as RoboForm or LastPass, which will automatically and securely manage your passwords from a central place. Password managers generate random and secure passwords, encourage you to use unique passwords for each site you visit and log you onto sites, so you don’t have to remember your passwords.

Multi-factor authentication 

This is an extra layer of security that requires another form of authentication as well as the password and username, such as a fingerprint, IP address or Pin Sentry.

Staff training 

Training your staff face-to-face is an important element in battling cyber threats and improving your IT security. Here is a checklist of good practice for password management.

  • Use different passwords for different accounts. 
  • Keep corporate and personal passwords separate.
  • Regularly change your passwords.
  • Always log off or lock your computer when you are away from it.
  • Never share your password with anyone, either verbally or electronically.
  • Don’t use the remember function in your browser; if your device gets stolen, you will have given the thief access to your personal logins.
  • As soon as a password is hacked, immediately change it to something more secure. 

Company password policy 

Ensure all staff understand and implement the company password policy. Annually review the password management policy and ensure it works for the end users. If the person who manages this area leaves, ensure there are plans in place to transfer information and appropriate know-how. If you don’t have the in-house expertise, bring in an IT consultant.

Protecting your business from malicious attacks does not have to take a lot of time and money. Simple steps such as strong, unique passwords that are stored securely can go a long way to strengthening your online security.

   

If you would like any advice on IT security, please call us on 01603 451810 or contact us to find out more.