Studies show that 81 percent of hacking-related breaches used either stolen and/or weak passwords. When thinking about your company’s security structure, anti-virus, firewall and backup are all words that come to mind. However, we seldom think about the minimal things we can do for our company’s security, starting with our users. We can begin by looking at our employees as the first line of defense against a potential security breach within our company’s network by implementing a strong password policy. Below are several tips you can share with your users to ensure they create strong passwords.
- A secure password should include a series of random characters. For example, think of your favorite phrase and turn it into a password. It should be something easy for you to remember, but difficult for someone who knows you to guess. Once you have chosen a phrase, remove everything except for the first letter of each word of the phrase. Replace several lowercase letters with random uppercase letters, then substitute a number for at least one of the letters. You may also want to change one of the letters to a special character.
- Create passwords of eight characters or more. The longer a password is, the less chance of cracking it. It is fairly easy for a hacker to run a brute-force attack (trial and error method to obtain information) on a website to steal a password, especially if the password contains few characters. Statistically, if the password is shorter but more complex, it is easier to crack using a brute-force attack than the longer passwords.
- Use a combination of uppercase and lowercase letters, numbers and special characters (for example: !, @, &, %, +) in all passwords. Creating a password using a combination of letters, numbers and characters makes it more challenging to guess your password. When creating a password, you can substitute letters for symbols making it even stronger. For example, “@” can be used instead of “a” and “+” can be used instead of “t.”
- Avoid using key dates such as birthdays and anniversaries. Using personal information someone might know about you as a password should be avoided. If this information has been shared on social media, it’s best to avoid creating passwords containing this personal data.
- Don’t share your password. A survey conducted by a leading digital security firm showed that 95 percent of respondents admitted to sharing passwords with other people, even though most users know it is risky. Employees are also more likely to share passwords for work accounts rather than passwords for personal accounts. Even though sharing passwords for work may be well intended, it can be a major security threat to a business.
- Change your password often to limit multiple account breaches and prevent constant access. Most of the time when a hacker logs into your system and doesn’t show any signs of activity, they’re usually monitoring your account or continuing to steal information over time. It’s important to change passwords often to prevent the length of a hacker’s activity.
- Don’t use the same password on multiple sites. Hackers know that users are most likely to remember one great complex password. However, they also know that this one password is used on many different accounts. A hacker can use this password and associate it with other accounts that the user has. Using an account in multiple locations can also be problematic due to the lack of security posture within these organizations. If you use your account at home, work or the public library, it’s important to consider the network security of the places you’re accessing accounts. If one of these organizations has a lacking security system and a hacker gets into it, chances are they will use the information they’ve obtained from the users’ other accounts.
- Never save your passwords. Although many users may think of this one as a hassle, it’s crucial for online safety. There can be several threats when you save your password on a site. For example, if you dispose of your computer without reformatting the hard drive, anyone who uses your computer will have access to your old passwords. Also, if you lend someone your computer with saved passwords, it’s like giving them access to all of your online accounts.
At Tech Data, we have a team of security experts waiting to speak to you about your security practice. For more information on Tech Data and the security services we offer, contact us at firstname.lastname@example.org or 800-237-8931, ext. 73246.