10 strong password tips to improve your business’s cyber protection
The humble password has a lot to answer for. It’s the gateway to your digital identity: emails, bank accounts, social media platforms. And now that access points to so many important platforms have become digitised, the humble password is an escalating point of weakness – for individuals and for businesses.
The single easiest way to let a hacker gain access to your personal information is to use the same password for multiple accounts. And once a hacker gets access to an email account, they can use it to reset the passwords for any other area of your life.
Humans know that password reuse is insecure and yet they do it anyway. In a personal setting, this is an individual’s choice. But in a corporate setting, weak access points provide so many more opportunities for cyber criminals to attack. The importance of robust password practices cannot be overstated. One of the simplest yet most effective ways to fortify your business’s defenses against cyber attacks is by ensuring that your employees have strong passwords, and that your cyber security training program and cyber safety culture reinforce best password practices regularly.
Here are the top 10 tips to strengthen the passwords used by your employees:
1: Length Matters: Encourage employees to create passwords that are at least 14 characters long. Longer passwords are inherently more secure as they are harder for cybercriminals to crack through brute force attacks.
2: Complexity is Key: Advise employees to include a mix of uppercase letters, lowercase letters, numbers, and special characters in their passwords. This complexity adds an extra layer of security.
3: Avoid Common Words: Discourage the use of easily guessable passwords such as “password123” or “123456”. Hackers often use automated tools to crack passwords, and common words or patterns make their job easier.
4: Unique Passwords for Each Account: Stress the importance of using different passwords for different accounts. Reusing passwords across multiple accounts increases the risk of a security breach if one account is compromised.
5: Change Regularly: Encourage employees to change their passwords regularly, preferably every three months. Most enterprise systems can prompt employees with expiry dates for passwords, to mitigate the risk of unauthorised access, especially if a password has been compromised without the user’s knowledge.
6: Beware of Phishing Attempts: Educate employees about the dangers of phishing attacks, where cybercriminals attempt to trick individuals into revealing their passwords or other sensitive information. Remind them to never share their passwords via email or other unsecured channels. Regular training can reinforce emerging phishing techniques and test your organisation’s resilience to such attacks.
7: Use Passphrases: Instead of single words, encourage the use of passphrases composed of multiple words separated by spaces or special characters. Passphrases are easier to remember and harder to crack than traditional passwords.
8: Implement Two-Factor Authentication (2FA): Where possible, enable 2FA for all accounts. This adds an extra layer of security by requiring users to provide a second form of verification, such as a code sent to their mobile device, in addition to their password.
9: Keep Passwords Secure: Remind employees never to write down their passwords or store them in easily accessible locations like sticky notes on their desks. Instead, implement an enterprise password manager system to securely store and manage corporate passwords.
10: Regular Training and Updates: Finally, schedule ongoing cybersecurity training to keep employees informed about the latest threats and best practices for password security. Regular reminders and embedding a culture of cyber security from the top down in your organisation will help reinforce good password habits and keep your business protected against evolving cyber threats.
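As an added illustration (not part of the original article), the sketch below shows how tips 1, 2, 3, 4 and 7 could be enforced at password-set time or during a password-manager audit. The function names, the finding labels and the small deny list are assumptions made for this example; a real deployment would check against a large breached-password list.

```python
import re
import string
from collections import defaultdict

MIN_LENGTH = 14  # tip 1
# Constructed sample deny list (assumption); production checks use a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}
_TRIM = string.digits + string.punctuation + " "


def check_password(password):
    """Return a list of policy findings; an empty list means the password passes."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    # Tip 2: require all four character classes. A space counts as special,
    # so passphrases separated by spaces (tip 7) satisfy it.
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }
    findings += [f"missing_{name}" for name, ok in classes.items() if not ok]
    # Tip 3: compare both the raw value and the value with leading/trailing
    # digits and symbols removed, so "Password123!" still matches "password".
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS or lowered.strip(_TRIM) in COMMON_PASSWORDS:
        findings.append("common_password")
    # Tip 3: a short unit repeated end to end ("Ab1!Ab1!Ab1!Ab1!") is a pattern,
    # even when it meets the length and complexity rules.
    if re.fullmatch(r"(.{1,4})\1+", password, flags=re.DOTALL):
        findings.append("repeated_pattern")
    return findings


def find_reuse(credentials):
    """Tip 4: given {account: password}, return groups of accounts sharing a password."""
    by_password = defaultdict(list)
    for account, password in credentials.items():
        by_password[password].append(account)
    return sorted(sorted(accts) for accts in by_password.values() if len(accts) > 1)
```

Note that `Ab1!Ab1!Ab1!Ab1!` satisfies the length and complexity tips yet is still flagged, which is why the pattern and deny-list checks sit alongside them.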
Providing regular training to improve your business’s cybersecurity posture is crucial, especially when it comes to reinforcing good password practices among employees. CyberPathways offers transformative Cyber Awareness training for businesses with our tiered Cyber Essentials programs. Contact us to discuss protections for your business today.
Remember, strong passwords are the first line of defence against cyber attacks, so invest in training and empower your employees to keep your business safe and secure online.