To protect your business, there are several steps you can take in order to secure your data. While you can ask people to create stronger passwords or constantly update software, it’s best to start by training them to safeguard their passwords. Take some time out of your busy day to implement the following practices and make sure each department is adhering to these policies.
Do Not Reuse Passwords
If you want to create a password policy that is impenetrable, do not reuse passwords. This should go without saying. Unfortunately however, it does not. Reusing the same passwords across various systems and accounts can turn one digital intrusion into a long, drawn-out digital disaster. Even if you use one password for data as a service solutions at work and use that same password for your personal Facebook account, this is a dangerous mistake. Make sure it is a part of company password policies to never reuse a password. Remind employees of this every time you get a chance. Otherwise, any password policy you create will be ineffective.
Don’t Leave Passwords in Easy-to-Access Places
Discourage your employees from leaving any notes containing their passwords underneath their keyboards or glued directly to their monitors, as that completely defeats the purpose of creating passwords in the first place. We aren’t just referring to writing or printing it on office paper and leaving it lying around people’s desks, either. Ask them not to leave passwords in any computer files, and to not save their passwords to any documents they have floating around in the cloud as well.
Always Log Out of PCs and Sites When Not In Use
Never ever let your employees leave their workstations without securely locking their PCs. If anybody forgets to do this while taking a bathroom break, anyone else can easily sit down and break into your accounts without even having to guess your login information. One other thing: do not force people to use the same password for every single PC in the office, as that can leave you vulnerable to major data breaches.
Never Share Passwords with Coworkers, Friends, or Family
The only way employees can be sure about their password’s safety is if they are the only ones who know it. This is even one of the most common social media tips offered for users seeking security. Encourage your employees to report to their department heads if any of their coworkers are forcing them to share their login credentials at work. If it turns out that your department heads are the ones trying to collect sensitive information, ask your employees to tell you about any suspicious activity and act on it immediately.
Enable Two-Factor Authentication on All Devices
There may be a few times that an employee or two may slip up and forget to uncheck the “remember me” box on certain websites. If this happens, two-factor authentication is your company’s best defense against any hacking attempts. Think of it as the bank lockbox of IT safety. To be safe, tell your departments not to save any browsers’ information and to let two-factor authentication occur for every login-attempt. It may be a little more convenient, but a few seconds of retyping and reconfirming your login can help your company avoid paying millions in data breach damages.
The Takeaway: Guard Passwords with Your Life
Even if employees do have a strong password, it’ll be all for nothing if they carelessly gave it to somebody else. If your employees are using several accounts and have trouble remembering their passwords, you may want to invest in cloud security solutions that offer convenient but encrypted logins. In the end, remember that your business is not only run by you, but by the people under you, too. The company’s endpoint security is not just in your hands, but in theirs as well.
How To Enforce Password Policies
If you want to enforce password policies for the utmost level of online privacy at your business, there are specific ways to go about it. If you plan to enact a policy that states that passwords must meet complexity requirements, you can do this simply using Windows Server 2008. All you have to do is check to be sure that you have the “passwords must meet complexity requirements” box checked in settings for the server. This will prevent any employee from creating a password that does not meet those guidelines.
Image from http://www.noip.com/blog/2013/12/04/9-easy-ways-choose-safe-secure-password/