Bad work-related password habits have led to a wide range of user vulnerabilities in many businesses. With many still choosing to work from home and getting used to the hybrid workplace, personal security has fallen by the wayside.
Although businesses are increasing their use of important security measures like multifactor authentication, employees still have poor password hygiene that weakens the overall security posture of their company.
There are several critical password security measures that businesses should put in place.
Always use strong passwords
The reason so many websites ask for a strong password is not just to make you feel better; it is a legitimate practice. Strong passwords that are eight characters long (if not longer) and consist of a random assortment of capital and lowercase letters, special characters and numbers are harder to crack. These passwords should avoid dictionary words that can be easily guessed (especially when we consider that most hackers these days have tools that automate password attempts) and personal details, which can be swiped off social media profiles.
In a survey of 1,000 employees by US company Keeper, it was revealed that:
34% have used their significant other's name or birthday
31% have used their child's name or birthday
37% have used their employer's name as part of their work-related passwords
This is a simple step to take, and it is worth noting that these stats would be similar in a number of businesses here in New Zealand. It is an easy fix, and one that all should consider implementing if a strong password is something you are lacking.
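One way to check a proposed password against the guidance above, covering length, character mix, dictionary words and the personal details named in the survey figures. This is an added example in Python, not part of the original article; the function names, the substitution table and the sample names, date and word list are assumptions made up for illustration.

```python
import re
from datetime import date

# Undo common character swaps so "P@ssw0rd" is still matched against "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})
CLASSES = {"uppercase letter": r"[A-Z]", "lowercase letter": r"[a-z]",
           "number": r"[0-9]", "special character": r"[^A-Za-z0-9]"}

def date_fragments(d):
    """Digit strings a birthday commonly takes inside a password."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd,
            dd + mm + yy, mm + dd + yy, dd + mm, mm + dd, yyyy}

def check_password(password, names=(), birthdays=(), dictionary=(), min_length=8):
    """Return the reasons a password fails the guidance above (empty list = passes)."""
    issues = []
    if len(password) < min_length:
        issues.append("too short")
    for label, pattern in CLASSES.items():
        if not re.search(pattern, password):
            issues.append(f"missing {label}")
    lowered = password.lower()
    normalised = lowered.translate(LEET)
    for name in names:  # partner, child, employer ...
        needle = name.lower().replace(" ", "")
        if len(needle) >= 3 and (needle in lowered or needle in normalised):
            issues.append(f"contains personal detail: {name}")
    digit_runs = re.findall(r"\d+", password)
    for d in birthdays:
        if any(f in run for f in date_fragments(d) for run in digit_runs):
            issues.append(f"contains birthday: {d.isoformat()}")
    for word in dictionary:
        if len(word) >= 4 and word.lower() in normalised:
            issues.append(f"contains dictionary word: {word}")
    return issues

if __name__ == "__main__":
    # Constructed sample data: the names, date and word list are made up.
    names, birthdays = ["Sarah", "Acme"], [date(1990, 4, 12)]
    words = ["password", "welcome", "summer"]
    for candidate in ["Sarah1204", "P@ssw0rd!", "Acme2024!", "vK7#qLm2!xRz"]:
        print(candidate, "->", check_password(candidate, names, birthdays, words) or "ok")
```

The three-word dictionary only keeps the example short; a real check would load a full wordlist.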
Use unique passwords for every account
It may seem convenient to simply have the same password for every account, but in reality, convenience should not override versatility. When a password is recycled, the chances of being hacked on all levels greatly increase. One thing you can do is have different combinations of the same core password. An example of this would be to have a capital ‘D’ at the start and a lowercase ‘d’ at the end on one account, then reverse this on a different account or include a different number combination for each of these logins.
Store all passwords securely, with full encryption
Having a strong, unique password for every account is helpful, but this is only a starting point. If you find it hard to keep track of every login detail, we suggest keeping a directory of all your passwords on hand, either on an external drive (preferably not a mobile phone, as these can be hacked as simply as any other device) or in a folder. It is important that these folders are secure, however. Full encryption is a strong defense against cyber crime and the best way to secure your password details, but it can be tricky to set up.
Our team can help you set up the appropriate processes and preventatives to ensure your data is safe and secure without the hassle. We can provide you with advice and further best practices to enable the best security possible for you and your business while working alongside you to ensure these solutions can be understood and made effective.
Never share work-related passwords with unauthorised parties
Work passwords are part of a business's confidential information and should not be shared with anyone outside of the organisation; this includes spouses. Keeper's survey revealed that 14% of remote workers have shared work-related passwords with a spouse or significant other, and 11% have shared them with other family members.
Password-sharing within the workplace is okay, but only if it's done securely, with full end-to-end encryption
Sharing passwords in the workplace can be done safely if employees use a secure method and share the passwords only with authorized parties. However, Keeper's survey discovered that 62% of respondents share passwords through unencrypted email or text messages, which can be easily intercepted by an unintended party. If you would like more information on how to send encrypted messages or emails, contact the team at ACS and we can help walk you through this process.
Utilize third-party software
When it comes to password security, many businesses are opting in to third-party software that helps improve security measures regarding the users' information. One such product is LastPass, which enables a range of policies designed to add an extra layer of protection. LastPass users can implement a Super Admin View Password Recovery policy which allows LastPass to reset a master password, a password that secures your data against brute force attacks and keeps any data you have in your LastPass vault.
Another tool we would highly recommend is Bitwarden. Bitwarden is an open-source password management tool that offers end-to-end password encryption, meaning all your password information is kept locked up in a secure vault. This vault can be accessed securely across a number of devices and has an easy-to-use interface allowing for pleasant and straightforward navigation.
Keeping your passwords secure involves a number of factors, some of them easy fixes and others more in-depth practices, but it is crucial that these are followed in order to maintain protection and safety, especially on work-related accounts. ACS can help you with expert advice and extraordinary services designed to keep your login information secure as well as provide you with best practices and training. For more information on how we can help you stay cyber-savvy and safe, contact one of the team.