You can worry about security all you want, keep locks on your data center, and deploy the recommended level of network security, but it will all mean nothing if your employees are sloppy with their passwords!
According to compliance management vendor Trustwave’s 2012 Global Security Report, which is based on data from real-world investigations, the most common password used by global businesses is “Password1”! This is an unbelievable statistic, and it shows that many administrators don’t understand how to make password-based access policies more robust.
Here are some basic practices that you should require your employees to follow. System administrators should implement other policies as well, such as forbidding the reuse of previously used passwords and locking accounts after a few failed login attempts. But let’s take it a step further with these tips.
- Change out all passwords every 90 to 180 days.
- Each password should include a mix of upper and lowercase letters, a number, and a symbol.
- Teach employees NOT to use standard dictionary words (in any language).
- Don’t use personal data that others may know or that could be stolen, such as addresses, telephone numbers, SSNs, etc.
- A longer password is a more robust one.
- Emphasize that employees should not access anything using another employee’s login.
- Employees shouldn’t use variations of the same password, such as changing only the number or special character. Hackers know this is a common practice and use that knowledge to guess passwords more easily.
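Several of these rules can be enforced automatically when a password is changed. The check below is an added example, not part of the original article; the word list, the 12-character minimum, and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample list; a real deployment would load a full dictionary
# and a breached-password list instead.
COMMON_WORDS = {"password", "welcome", "letmein", "summer", "admin"}
MIN_LENGTH = 12  # assumed threshold; the article only says longer is better

# Common character substitutions, undone before comparing words.
LEET = str.maketrans("@4301$5!7", "aaeoissit")

def skeleton(pw):
    """Reduce a password to its base word: drop leading/trailing digits
    and symbols, undo substitutions, keep lowercase letters only."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)
    return re.sub(r"[^a-z]", "", core.translate(LEET).lower())

def check_password(pw, previous=(), personal=()):
    """Return the list of rules that the candidate password breaks.

    previous: earlier passwords, passed in plaintext for this demo only;
              in practice compare against the old password the user
              types during the change, since stored values are hashed.
    personal: known personal data such as names or phone numbers.
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing_character_class")
    skel = skeleton(pw)
    if any(word in skel for word in COMMON_WORDS):
        problems.append("dictionary_word")
    if any(len(p) >= 3 and p.lower() in pw.lower() for p in personal):
        problems.append("personal_data")
    if skel and any(skel == skeleton(old) for old in previous):
        problems.append("variation_of_previous")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_password("Password1"))
    print(check_password("P@ssw0rd2024!", previous=["Password1"]))
    print(check_password("vK7#qT!m2zRw$x9L", previous=["Password1"]))
```

Note that “P@ssw0rd2024!” satisfies the length and character-mix rules yet is still rejected, because it reduces to the same base word as “Password1”.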
These are just a few basic password tips, but they can make a big difference in keeping your business’s sensitive data safe. For additional information on password security best practices, check out this video on our Computer St. Louis YouTube Channel.