The average computer user has a number of bad habits when it comes to passwords. These days, hackers are getting more and more creative with how they access a company’s sensitive information. Phishing attacks, social engineering, malware, keyloggers and backdoors are just a few of the methods used by cybercriminals. There is no reason for us to make it any easier on them. Computer users with poor password habits are making it that much simpler for the bad guys to gain access.
Common bad practices include:
- Commonly used passwords or phrases – Think qwerty, Password1, Welcome1
- Part of your name, kids' name(s) or pets' name(s) – these are easy for a hacker to social engineer
- Same password being used across multiple websites (or minimal variations to that same password)
- Little to no complexity to a password (all lowercase letters, no numbers or special characters)
- Passwords written down and left near your computer (on a sticky note, under the keyboard or anywhere else they can easily be found)
- Passwords that are not periodically changed
- Shared passwords amongst family, friends or coworkers (remember you are only as secure as the weakest link)
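As an added example (not part of the original article), this Python code checks a local list of site/password pairs for several of the habits above: common base words, personal names, reuse with minimal variations, and low complexity. The function names, the short word list, the complexity threshold and the sample entries are all assumptions constructed for illustration.

```python
import re

# Constructed list of common base words, seeded with the examples above;
# a real audit would load a much larger breached-password list.
COMMON_BASES = {"qwerty", "password", "welcome", "letmein"}
# Undo common character substitutions: "p@ssw0rd" -> "password".
LEET = str.maketrans("@013$5!7", "aoiessit")
MIN_CLASSES = 3  # assumed threshold: at least 3 of lower/upper/digit/special


def base_form(password):
    """Reduce a password to the word it is built on."""
    s = re.sub(r"[^a-z]+$", "", password.lower())   # drop trailing "1", "2019!"
    return re.sub(r"[^a-z]", "", s.translate(LEET))  # undo substitutions


def char_classes(password):
    """Count which of lower/upper/digit/special appear at least once."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)


def audit(vault, personal_terms=()):
    """Map each site in {site: password} to a sorted list of findings."""
    key = lambda pw: base_form(pw) or pw   # all-digit passwords keep full value
    sites_by_key = {}
    for site, pw in vault.items():
        sites_by_key.setdefault(key(pw), []).append(site)
    report = {}
    for site, pw in vault.items():
        base, found = base_form(pw), set()
        if base in COMMON_BASES:
            found.add("common")
        if any(len(t) >= 3 and t.lower() in base for t in personal_terms):
            found.add("personal")
        if len(sites_by_key[key(pw)]) > 1:
            found.add("reused")
        if char_classes(pw) < MIN_CLASSES:
            found.add("low-complexity")
        report[site] = sorted(found)
    return report


# Constructed sample entries, not real credentials.
SAMPLE_VAULT = {"mail": "Welcome1", "bank": "Rex2019!", "shop": "rex2019",
                "forum": "T7#vQp!m2Lz&9xWd"}

if __name__ == "__main__":
    for site, found in audit(SAMPLE_VAULT, personal_terms=["Rex"]).items():
        print(site, found or "ok")
```

In the sample, "Rex2019!" and "rex2019" are reported as reused because both reduce to the same base word, which is why small variations of one password add little protection.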
The good news is that poor password management is an easy thing to correct and avoid. By using a program referred to as a Password Manager, another layer of security/complexity is placed between you and the BAD GUYS.
What Is a Password Manager? And Why Should You Use One?
A Password Manager is a computer program that allows users to store, generate, and manage their personal passwords for online services. A Password Manager assists in generating and retrieving complex passwords, potentially storing such passwords in an encrypted database or calculating them on demand.
Some key benefits of implementing a Password Manager are:
- Your employees do not need to remember multiple complex passwords (it seems that every site these days has different requirements in length of password, complexity, how often it needs to be changed, etc.).
- Your employees can use stronger passwords (with a password manager, not only will it allow you to choose a complex password that meets the requirements for a specific site, it also remembers the password for your employee so they are not writing that password down where it can easily be stolen).
- Your employees will have quick access to a secure way of storing passwords (most password management solutions include a web portal and mobile app for easy retrieval of all used passwords).
- Passwords can be shared with employees and access can be managed (if passwords are shared among team members, for example, those passwords should be changed when someone leaves their job, whether they are fired or leave of their own accord. Regularly changing shared passwords and controlling who has access to them gets significantly easier).
TIP: Your password manager should have multi-factor authentication (MFA) enabled to secure it from cyber criminals.
Already Using a Password Manager? Additional Steps You Can Take!
Good password policies and management are an easy way to combat the ever-changing landscape of cyber security threats. To best protect yourself and your business, couple this plan with other cybersecurity defense strategies to give yourself the best chance of keeping out the bad guys. Below is a list of other solutions you should implement to best protect your business:
- Security Awareness Training for all employees on a regular basis – Cyber threats are constantly changing as are the methods hackers use to gain access. Keeping your team up to date on new types of attacks, what to look for and how to respond is critical for ensuring your data is safe.
- Dark Web Monitoring – Usernames and passwords are regularly being sold on the Dark Web for anyone to purchase. These passwords may have been obtained from a breach, a hack, phishing or social engineering. Knowing if and when your credentials have been sold is critical so that passwords can be changed as soon as possible.
- Multi-Factor Authentication – MFA adds another layer of account security, supplementing the username and password model with another factor that only the specific user has access to. In essence, even if a password has been compromised, the hacker will still be unable to gain access without the additional factor that has been set up through MFA.
- Data Encryption – Encrypting data prevents unauthorized access to company data even if an asset is physically stolen. Traditionally, we think of encrypting a hard drive on a laptop so that even if that laptop is stolen no one can read that data. However, with the emergence of mobile devices accessing company data, it is becoming necessary to encrypt data even while it is in motion.
— Adam Lorenger, Optistar Account Manager