Everyone Should Know About Password Protection

What are your password protection policies? Most organizations spend a lot of time creating and updating passwords to improve cyber security, then fail to take very basic steps to protect them.

What You Need To Know About Password Protection

How many of these things happen on a regular basis in your organization?

  • Employees email passwords to each other to access systems
  • Passwords are regularly posted to a Google Sheet, Slack, or some other Web-shared service
  • Post-It Notes with passwords get stuck on monitors
  • Passwords are written on whiteboards in conference rooms
  • Text files with the name “Passwords” are saved on hard drives

None of these practices may seem like a glaring security violation, but all of them are. The bad news for companies that allow, or even encourage, these practices is that they could be in violation of the terms of their cyber liability insurance. That leaves those companies responsible for costs associated with a data breach, malware attack or ransomware attack that interrupts operations. Your cyber insurer is going to investigate password protection if you file a claim. It is an unfortunate reality that small businesses, municipal organizations and nonprofits that can least afford to pay for a cyber attack are the most likely to engage in behaviors that encourage one.

Centering Password Protection

It is critical for all businesses and organizations to center password protection as a part of operational culture. From the moment someone applies for a job, make it clear that password protection is expected and that there is a zero-tolerance policy for violations. Employees often take a looser approach to password protection on the job than they do at home, because they do not internalize the same level of personal risk. If their personal email or bank accounts get breached, that’s a crisis. If the servers at work get breached, it’s not their problem.

Cultivating a Culture of Password Protection

Companies that utilize online hiring systems should require all candidates to create strong passwords when they apply for a job. “Strong” generally means at least 12 characters with at least one number or symbol and one uppercase character.

If possible, have your hiring system automatically generate a strong password and deny applicants the ability to change it. If an applicant’s first impression of your organization is that you take password protection seriously, they will take it more seriously and be receptive when you insist on good password protocols after they are hired.
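As an added illustration (not code from the original article or from any particular hiring system), the sketch below checks a password against the "strong" rule stated above and generates a compliant one with a cryptographically secure random source. The function names, the default length of 16 and the use of `string.punctuation` as the symbol set are assumptions made for the example.

```python
import secrets
import string

MIN_LENGTH = 12                      # minimum length stated in the article
SYMBOLS = string.punctuation         # assumed symbol set; the article names none
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def policy_violations(password):
    """Return the list of rules the password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() or c in SYMBOLS for c in password):
        problems.append("no number or symbol")
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies the policy.

    secrets.choice draws from the operating system's CSPRNG, unlike the
    random module, whose output is predictable. Whole candidates are
    rejected and redrawn until one complies, so every compliant password
    of this length is equally likely and no character position is forced
    to a particular class.
    """
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("correcthorse", "Short1!", "Correcthorsebattery9"):
        print(repr(sample), policy_violations(sample) or "OK")
    print("generated:", generate_password())
```

A length-and-character-class check like this enforces only the rule as written; it does not detect reused or previously breached passwords, which rules 2 and 3 of the employee guidance address.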

On their first day at work, new employees should receive printed guidance on password policies. Be sure to include the following rules:

  1.  All passwords must be at least 12 characters with at least 1 uppercase letter and at least 1 number or symbol. Longer passwords and higher numbers of symbols and uppercase characters are encouraged.
  2.  Never use passwords from your personal accounts at work.
  3.  Create a unique password for every system or software that you need to access.
  4.  Do not write down passwords or post printed copies of passwords anywhere on the premises.
  5.  Do not save passwords into any type of file, including text documents and spreadsheets, on your work devices, including phones, laptops and shared servers.
  6.  Never email a password to a coworker or share a password over the phone. Any requests for passwords should be sent to IT (or a senior manager if there is no IT support).
  7.  Never post a password to a chat or internal communication platform.

Reinforce this message on a regular basis. If your organization requires employees to access a large number of services, consider using a secure password manager service that will let them access everything via a single login.

Why Is Password Protection Important?

There are enough people out there trying to crack your passwords or use phishing attacks to steal them. Once a password has been compromised, it can create chaos for your organization and leave you vulnerable to cyber attacks for years to come. Password protection is a step any organization can take right now to improve their cyber security. For more advice and professional support, contact us online or call us at 1-800-658-8311 to speak to a cyber security expert. We specialize in public-facing organizations, small businesses, municipal cyber security and protection for legacy systems.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.