In order to keep your business up and running and to avoid being hacked, your company must develop an effective password management policy. This is especially true for any business that must comply with HIPAA, PCI, and/or other regulatory compliances, as regulatory scrutiny and fines can be costly and time consuming. The following four steps can help protect your business from disruption.
Make Your Password Complex
Make passwords complex; don’t make it easy for hackers to access your company’s data. Include both uppercase and lowercase letters, at least one digit, and punctuation and special characters. Consider creating a passphrase that includes several words, but be sure to avoid expressions from movies or other everyday vernacular.
Avoid The Usual Suspects
Believe it or not, the most common password is “Password.” Whatever you do, do not use easy-to-guess passwords. Change all default passwords right away, and avoid obvious choices, such as your family name, your pets’ names, or your birthday. Also, not not allow employees to keep a Post-It on their desk with a list of passwords.
Change Passwords Often
Some systems automatically prompt you to change your password every now and then. For systems that do not already have this feature built in, consider making quarterly password changes mandatory for your organization. And remember: Recycling is good, just not for passwords.
Smart Management
Consider using a password management system or encryption email to secure your resources. Both can assist you in staying safe from malware and threats. Some malware programs are designed to “phish” for your password. While logging in, malware may transmit your password without your knowledge, so make sure you block against the latest malware in addition to keeping your antivirus definitions and operating systems patches up to date.
This is not a comprehensive list nor a guarantee to avoid getting hacked or having your password compromised; however, it is a good starting point for your company’s password management policy. For more information on secure sign-on, contact your Cloud professional today.