As an IT services professional and consultant, it's astonishing to me how often password security is one of the last things people think about when it comes to cybersecurity. In many aspects of business, such as sales or operational improvements, it's all about "low hanging fruit." When performing a cost/benefit analysis, it's natural to look for the easiest way to achieve the highest return on investment (ROI). Few security controls are as cheap to get right, or as expensive to get wrong, as how you manage your passwords.
When it comes to their personal lives, 69% of online adults in the U.S. report that they aren’t concerned about the security of their online passwords, according to research by the Pew Research Center. This is particularly disturbing considering that 64% of U.S. adults have been impacted by at least one form of data breach or theft. If people are not truly concerned about their own personal password security, how can you be sure they’ll take the necessary precautions to protect your company’s passwords?
When it comes to online security, the starting place is your password. For many accounts it is the only thing standing between an attacker and your sensitive data, files, and other information, so it serves as your first line of defense against unauthorized and often malicious access.
Does your company or firm have a password policy? And if so, do you know what it is? And is it documented in your Computer Use Policy or Acceptable Use Policy? Here's a list of things to consider around your password policy.
Questions About Your Password Policy
- Is a password policy well defined, or is password creation left up to individual users?
- Have you decided how frequently passwords must be changed? (Note that current guidance such as NIST SP 800-63B recommends changing passwords when there is evidence of compromise rather than on a fixed schedule, because forced rotation tends to produce predictable variations like "Summer2023!" followed by "Summer2024!".)
- Are strong passwords required, with a minimum length as well as numbers and symbols? Length does more for you than character classes do.
- Are passwords systematically reviewed on a regular basis, for example by running a cracking tool against a copy of the password hashes, to ensure they're not easily "crackable"?
- Are passwords written on sticky notes and stored in visible places, such as on a person's computer monitor?
- Are passwords communal and shared among your employees?
- Do your network and various applications share the same generic password, so that one leak exposes everything?
If you allow individual users to create their own passwords, or even if you assign one person to create passwords for everyone, it is important to make sure that a password does not consist only of words that can be found in a dictionary. The dictionary attack, which runs a wordlist of common words and leaked passwords against captured password hashes, is one of the cheapest and most frequently used techniques attackers have for cracking passwords.
I also recommend that users who create their own passwords incorporate numbers and special characters to break up any predictable pattern. However, if users simply substitute "@" for "a" or "0" for "o," their effort is effectively moot: these substitutions are so common that cracking tools apply them automatically as "mangling rules," so "P@ssw0rd" is tried almost as early as "password" itself. Learn more about what you can do to improve your password practices and policies, and to enhance your organization's cybersecurity efforts.
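To make the point concrete, here is an added example (not code from the original article) of the kind of review suggested above: a small audit function that undoes leet substitutions, capitalization, and digit/symbol prefixes or suffixes and asks whether what remains is a dictionary word. It also shows the attacker's side, counting how many variants a mangling rule set produces from a single wordlist entry. The wordlist is a constructed stand-in for the multi-million-line lists real cracking tools use, and the function names are my own.

```python
"""Audit helper: does a password reduce to a dictionary word once the
'obvious' tricks (leet substitutions, capitalisation, a digit/symbol
prefix or suffix) are undone? Constructed example with a tiny wordlist."""

import itertools
import re

# Constructed stand-in for the multi-million-line wordlists (leaked-password
# dumps, dictionaries) that real cracking tools load from disk.
WORDLIST = frozenset({"password", "welcome", "summer", "company",
                      "letmein", "admin", "hello"})

# Substitutions an attacker's mangling rules apply; we apply them in reverse.
LEET_TO_PLAIN = {
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i", "|": "i",
    "0": "o", "$": "s", "5": "s", "7": "t", "+": "t",
}
PLAIN_TO_LEET = {}
for leet, plain in LEET_TO_PLAIN.items():
    PLAIN_TO_LEET.setdefault(plain, []).append(leet)

MAX_AMBIGUOUS = 12  # cap the 2^k expansion for very long candidates
_EDGE_JUNK = re.compile(r"^[^a-z]+|[^a-z]+$")  # strip "2023", "!", "123"


def deleet_variants(candidate):
    """Yield every reading of `candidate` in which each leet-able character
    is either kept or mapped back to its letter, lower-cased, with any
    non-letter prefix/suffix removed. Keeping a character matters: the '0'
    in a trailing '2023' is a year, not an 'o'."""
    lowered = candidate.lower()
    positions = [i for i, ch in enumerate(lowered) if ch in LEET_TO_PLAIN]
    positions = positions[:MAX_AMBIGUOUS]
    seen = set()
    for choice in itertools.product((False, True), repeat=len(positions)):
        chars = list(lowered)
        for pos, swap in zip(positions, choice):
            if swap:
                chars[pos] = LEET_TO_PLAIN[chars[pos]]
        variant = _EDGE_JUNK.sub("", "".join(chars))
        if variant and variant not in seen:
            seen.add(variant)
            yield variant


def dictionary_base(candidate, wordlist=WORDLIST):
    """Return the dictionary word `candidate` is built from, or None if no
    de-leeted reading of it appears in the wordlist."""
    for variant in deleet_variants(candidate):
        if variant in wordlist:
            return variant
    return None


def attacker_variants(word):
    """The forward direction: every leet/capitalisation variant a simple
    mangling rule set generates from one wordlist entry (before it also
    appends digits, years and symbols)."""
    options = [[ch] + PLAIN_TO_LEET.get(ch, []) for ch in word]
    out = set()
    for combo in itertools.product(*options):
        base = "".join(combo)
        out.add(base)
        out.add(base[0].upper() + base[1:])
    return out


if __name__ == "__main__":
    # Constructed sample passwords; the last one has no dictionary base.
    for pw in ["P@ssw0rd!2023", "W3lc0me1", "$umm3r", "h3ll0",
               "C0mp@ny2019", "xk7#Lq2!vPz9"]:
        print(f"{pw:16} -> {dictionary_base(pw)}")
    n = len(attacker_variants("password"))
    print(f"{n} variants of 'password' from leet + capitalisation alone")
```

Run it and "P@ssw0rd!2023", "W3lc0me1" and "$umm3r" all come back as their base word, while the random string does not. The last line shows why the substitutions buy so little: one eight-letter word expands to only about a hundred variants, and a cracking rig tries that many in a fraction of a millisecond.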
I often see strong concern from clients about security assessments, firewalls, hacking and penetration testing, yet the same clients frequently have no clear password policy at all. While it's wonderful that concerns are growing and that people are starting to take security more seriously, I still feel the need to emphasize the most obvious point: Stop putting the key under the front door mat.
Contact us today to learn more about our technology security assessment services.