5 Ways to Strengthen Password Policies
Have you ever thought of all the passwords your employees use every day just to access their work applications? The number might surprise you. A recent study shows the average employee manages more than 100 passwords for all the websites and services they use. Experts also say this number actually increased during the pandemic, when many people took time out to download more leisure and productivity apps while they worked from home.
Is it possible to keep track of 100+ passwords? Probably not, which means it’s becoming more difficult for business owners to keep their work environments secure. It doesn’t help that many employees often use the same password for each of their accounts.
A study by Verizon shows 80% of known breaches are caused by weak or stolen credentials, and 76% of employees experience password issues regularly. The same study also showed that a whopping 43% of cyberattacks are hitting small businesses.
IT departments are feeling the heat. Many technicians currently spend up to 4 hours a week dealing with password-related issues.
So, what’s the solution? You need better password policies and you need the right tools.
There are plenty of password management solutions on the market right now, but if you don’t establish solid policies to manage and protect your company’s passwords, you’re leaving the door wide open to a data breach.
Five ways to improve your password policies and keep your company’s data safe
1. Establish a password policy
Password policies are a collection of rules to help companies increase computer and network security. This usually means requiring users to create secure and reliable passwords by setting specific standards. Password policies often describe how passwords should be stored and used and how often they should be updated.
Many businesses don’t realize how important it is to create strong passwords. In fact, recent stats by LastPass show that 47% of people surveyed use the same passwords for both their work and personal accounts. Cybercriminals are becoming more sophisticated and it’s pretty easy for a hacker to crack a simple password. We don’t have to tell you how disastrous this could be for your small business.
Here are a few password best practices to keep in mind:
- Make passwords more complex by including digits, uppercase and lowercase letters and special characters
- Don’t let users reuse old passwords by changing a single character to create what they think is a new password
- Establish forbidden passwords or phrases that are easy to guess such as names, your birthday or your username
- Require users to create different passwords for each system they use
2. Invest in a password management tool
Forget about all those passwords you’ve been saving on sticky notes. A password management tool will create and store all your passwords in one safe location. You won’t have to memorize all the login information you use for each site. Instead, you’ll just enter a master password in the tool to access your password vault and it will autofill your login credentials next time you visit the site. Password management tools can also help you generate and save strong, unique passwords when you log in to new websites or apps. Since many password managers feature synchronized encryption across devices, you can use your passwords anywhere, even on your phone!
3. Take advantage of multifactor authentication (MFA)
Multifactor authentication is one of the best ways to prevent your passwords from being guessed or hacked. Rather than just using one password to log in to websites or apps, users have to provide more information or take a specific action to gain access. This could be as simple as entering a code sent from your phone or a fingerprint scan. MFA protects your account because even if your password does get hacked, the perpetrator will still need to provide at least one more form of authentication to steal your data.
4. Train your employees
Once you decide to create new password policies, you have to make sure your staff is trained to use them properly. This applies to both new and existing employees. Everyone has to understand why they should use password management tools and they should know the best ways to use them. Make sure your employees know how to generate new passwords and replace old ones that are too weak or have been used before. If your company uses MFA, make sure your employees understand why it’s so important and know how to use it. Training employees can require additional time and resources, but in the long run, this is money well spent.
5. Follow compliance regulations
If your company deals with sensitive data from sectors such as finance or healthcare, you may be subject to compliance regulations. These types of accounts are often targeted by cyber criminals because of the sensitive data they contain. As a result, regulations such as the Health Insurance Portability and Accountability Act (HIPAA) have specific requirements for password security. Here are a few examples:
- Passwords should be at least 12 characters in length
- Passwords should contain uppercase and lowercase letters, special characters and numbers
- Passwords should be changed every 60 to 90 days
- Password reuse should be restricted
- The principle of least privilege should be applied
- Every user should be assigned a unique identifier (ID)
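The password rules from the best-practices list in section 1 and the compliance list above can be enforced at password-change time. The following is an added example, not code from the original article: the function names, the PBKDF2 work factor and the sample data are assumptions. It shows why the "one changed character" rule can only be checked against the current password, which the user types during the change, while older passwords are stored as hashes and can only be matched exactly.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12        # minimum from the compliance list
ITERATIONS = 600_000   # PBKDF2 work factor (assumed value)
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def hash_password(password, salt):
    # History is stored as salted slow hashes, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_password(new, current, username, forbidden, history):
    """Return the violated rules; an empty list means the password is accepted."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too_short")
    if not all(any(c in cls for c in new) for cls in CLASSES):
        problems.append("missing_character_class")
    lowered = new.lower()
    if any(t.lower() in lowered for t in (username, *forbidden) if t):
        problems.append("contains_forbidden_term")
    # Only the current password is available in plaintext (typed at change time),
    # so the one-character-change rule is checked against it alone.
    if edit_distance(lowered, current.lower()) <= 1:
        problems.append("too_similar_to_current")
    # Older passwords exist only as hashes: exact reuse is all that can be detected.
    if any(hmac.compare_digest(hash_password(new, s), d) for s, d in history):
        problems.append("reused")
    return problems

# Constructed sample data, not taken from the page.
SALT = os.urandom(16)
HISTORY = [(SALT, hash_password("Winter-Harbor-2023!", SALT))]
FORBIDDEN = ["password", "acme"]  # hypothetical company deny-list
```

Returning every violated rule at once, rather than stopping at the first, lets the change form tell the user everything to fix in one pass.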
Take your cybersecurity beyond passwords
As you can see, implementing a strong password policy isn’t really an option—it’s a must. Cybercriminals are coming up with new methods and technologies every day to expose your user data.
If you’re looking for more information about password policies or password protection, check out LastPass or get in touch with us to talk about how to strengthen your security stack. You can also explore our Partner Guide to see how Sherweb can help your cloud business grow.