Most companies have no real password requirement. Everyone has a password, but clarity on what needs to be done, and on what is and is not appropriate, is not communicated across the company.
You need to take this seriously; securing your information is important.
“But Marge does not have anything really sensitive on her computer so we just leave her alone.” – Anonymous Owner
There is often a feeling that certain people need less security because their work does not deal with sensitive information. Please understand: leaving one person's password unsecured is like leaving a door unlocked to your palace. You cannot make this assumption without paying high penalties.
All passwords need to be secure and updated. Often breaches start by entering a smaller target to gain access to the real target. We see attacks that target smaller companies that service larger organizations, because they tend to be very lacking in basic security.
It may sound cliché, but your passwords have to be strong or there is no point in having them. There are plenty of articles and viewpoints out there about how complex passwords must be, but you should always have a minimum of eight characters. A password should not be a dictionary word (in English or any other language). It should include both uppercase and lowercase letters and a special character or two. A passphrase is a great approach as well, as long as it is not common.
Passwords like 123123, letmein, birthdays, sports, names, even password1 are no good. It is like having a key with no ridges. Just get the blank and someone can get in.
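The rules above can be checked automatically when a password is set. The following Python sketch is an added example, not code from the original article; the word lists are small constructed samples, and the substitution table and function names are assumptions made for illustration.

```python
import re

MIN_LENGTH = 8

# Constructed sample lists. A real deployment would load a full list of
# commonly used passwords and dictionary files instead.
COMMON = {"123123", "letmein", "password", "baseball", "dragon",
          "superman", "mustang"}
DICTIONARY = {"sunshine", "welcome", "monkey", "football"}

# Undo simple character substitutions (assumed table: 0->o, 1->l, 3->e, ...).
SUBSTITUTIONS = str.maketrans("013457@$!", "oleastasi")


def normalize(pw):
    """Reduce a password to its base word: lowercase, drop trailing
    digits/symbols, then reverse common character substitutions."""
    base = re.sub(r"[^a-z]+$", "", pw.lower())
    return base.translate(SUBSTITUTIONS)


def check_password(pw):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs both uppercase and lowercase letters")
    if not re.search(r"[^A-Za-z0-9\s]", pw):
        problems.append("needs a special character")
    core = normalize(pw)
    if pw.lower() in COMMON or core in COMMON:
        problems.append("based on a commonly used password")
    elif core in DICTIONARY:
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["password1", "Dr@gon2024!", "Sunshine!", "Tq7#vLm2&xRw"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

Note that "Dr@gon2024!" meets the length and character rules but is still rejected, because stripping the decoration leaves a commonly used password.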
NOTE: Stop writing your latest password on sticky notes and “hiding” them under your desk. That is a security 101 no-no. Store it somewhere safe, out of everyone’s hands.
Put your password and creativity to the test – The top passwords for this year:
Apparently lots of people enjoy playing baseball with a dragon and driving a superman mustang. Personally, we prefer the Batmobile.
Put your password to the test at the “How Secure Is My Password” website.
Your WRITTEN policy needs to define secure and unsecured passwords, sharing rules, and how often passwords must be changed, and it needs to reiterate their importance.
Those who complain may not be fully educated on the impact that a breach would have on everyone, not just the company. Please explain clearly to your staff why it is a requirement of being employed. Lastly, your employees need to acknowledge that they understand the policy and are responsible for abiding by it. They also need to be accountable.
The Skeleton of Your Policy Should Include:
Now let’s be reasonable: you are not Fort Knox, but perspective still matters. If you have anything of value on those systems that you wouldn’t want distributed to everyone (your employees, competitors, vendors, partners, investors, ex-spouse, etc.), then you need to protect it. Like the key to the lock on the front of your building, it’s there for a reason.
But really, who is out to get me? I am just a small business owner.
Maybe you are the kindest person, with no secrets, willing to give away all your information. Even so, you may not realize that the largest offenders are most often internal or external IT people [who have the largest amount of access to your network]. They have access to your servers, workstations, applications and firewall. Make sure you have a process to verify their compliance as well.
Also, be aware that many times these mistakes are simply that: mistakes. If one person unknowingly provides their password to an outsider who has any malicious intent, your biggest asset, your information, could be swiped from you in minutes.
In this case you can be yourself, be trusting on other levels, but don’t be naive with your information.
Lastly – Consider using password manager software such as Vault from ZOHO as a solution to your dozens of accounts.