Password management is a major problem for businesses across the globe. Verizon’s 2020 Data Breach Investigation Report states that 81% of breaches were password related and IBM’s Cost of a Data Breach Study shows that the average data breach cost $3.86 million, confirming that password management is not only a hassle but can come at quite the price tag.
You may argue that your company isn’t even close to being worth $3.86 million, but considering that the U.S. National Cyber Security Alliance found that 60% of hacked small businesses go out of business six months after a data breach, a breach should be a major concern for a company of any size.
To help you and your organization avoid this outcome, we have compiled 7 Tips for Password Management Best Practices. Knowledge is power, and strong password management will not only reduce the risk of a breach at your organization but also prevent major headaches for you and your staff down the road.
1. Do Not Repeat
Memorizing a different password for every account is hard, which leads many employees to reuse the same password across accounts. This practice may seem innocent enough, but if that one password is stolen, multiple accounts will be compromised.
To avoid this scenario, you need to create and implement a strong password protocol that does not allow employees to repeat their passwords across multiple accounts. This will stop a large portion of hackers from compromising your organization’s security.
2. Set Up Two-Factor Authentication
When you only require your employees to have a username and password for logins, it is relatively easy for hackers to compromise their accounts. Adding two-factor authentication to the mix gives your organization another level of security that is not quite as easy to crack.
This authentication not only prevents most hackers from accessing your organization’s accounts but notifies someone in your organization that their username and password have been compromised.
3. Employee Training
Educating your staff on the best practices for password management is critical for keeping your company’s data safe. This will not only prevent most breaches and brute force attacks but will streamline the standard operating procedures for passwords at your organization.
To make this transformation you will need to educate each of your employees on these 7 Tips for Password Management Best Practices. Doing so will move employees from a potential security liability to a secure user.
4. Utilize Password Management Software
Utilizing password management software can alleviate a lot of the headaches of remembering dozens of passwords. These applications keep all your passwords in an encrypted vault that can be unlocked with one master password.
To make your organization’s password management software secure, each employee needs a master password with these key components.
- Never used
- Long passphrase (At least 12 characters)
- Strong password
- No single words (e.g., Password, Hello)
- Upper case letters
- Lower case letters
- Use a variety of symbols
- Avoid using repeated characters or adjacent keyboard characters (e.g., 1234, QWERTY)
- Special characters
- No personal information (e.g., birthdates, addresses)
5. Adopt Long Passphrases
Passphrases, as opposed to passwords, are a new technique that keeps accounts more secure. The longer and more complex the passphrase, the harder it will be to crack.
Make your passphrases complex with a combination of strings of randomized letters, punctuation, unorthodox capitalization, and symbols. Doing so will prevent most brute force attacks, which typically break down after 10 characters. An example of a passphrase could be IL0v3$prySqu@rEd (PLEASE DON’T USE THIS ONE!)
6. Create Password Blacklists
Hackers usually start their brute force attacks by trying to guess the most common passwords. Dictionary words, adjacent keyboard characters, and previously compromised passwords are all part of this list.
To combat this, create a password blacklist that is shared with each person in your organization. This blacklist should encourage employees to never choose common passwords and instead opt for long, symbol-filled, and obscure passphrases.
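The master password criteria from tip 4 and the blacklist from tip 6 can be enforced at the moment a password is set, rather than only shared as guidance. The Python check below is an added example, not code from the original article; the blacklist entries, the function names and the four-character run length are assumptions chosen for illustration.

```python
import re

# Constructed sample blacklist (assumption). A real deployment would load a
# list of common and previously compromised passwords from a file.
BLACKLIST = {"password", "hello", "letmein", "welcome1", "il0v3$prysqu@red"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
MIN_LENGTH = 12  # "at least 12 characters" from the list in tip 4


def _has_adjacent_run(pw, run=4):
    """True if pw holds `run` repeated or keyboard-adjacent characters."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if len(set(chunk)) == 1:  # e.g. "aaaa"
            return True
        for row in KEYBOARD_ROWS:  # e.g. "qwer", "1234", or reversed "4321"
            if chunk in row or chunk in row[::-1]:
                return True
    return False


def check_password(pw, personal_info=()):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    low = pw.lower()
    if low in BLACKLIST:  # case-insensitive match against the blacklist
        problems.append("blacklisted")
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no upper case letter")
    if not re.search(r"[a-z]", pw):
        problems.append("no lower case letter")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no symbol")
    if _has_adjacent_run(pw):
        problems.append("repeated or adjacent keyboard characters")
    if any(item and item.lower() in low for item in personal_info):
        problems.append("contains personal information")
    return problems
```

The example passphrase printed in tip 5 is included in the constructed blacklist because any password that has been published should be treated as known to attackers.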
7. Ensure Secure Connection
In 2020, there is a wide range of devices and locations (your local coffee shop or favorite store) that may allow access to your organization’s network. While this is convenient, it can also spell disaster if employees use unsecured Wi-Fi connections or devices to access your network.
Secure this connection at your workplace by using Wi-Fi with level 2 access protection that applies strong wireless encryption. Employees who are working at home due to COVID-19 will need a secure VPN connection that, once authenticated, lets them securely connect to corporate servers.
How We Can Help
Setting standard operating procedures for password management is a complex endeavor that, if done incorrectly, can cost your organization precious time and money. The Spry Squared team can help you avoid these issues with the password management portion of our Managed IT Services.
Cybersecurity is truly changing each day and you need a quick and nimble company to keep pace. Our managing partners have years of cybersecurity and project-based IT experience.
No question is too small, so we invite you to schedule a quick call to learn how we can help keep your company data safe and secure.