Password protection has changed dramatically over the years. Before the Internet, you only needed a password or two, unless you belonged to a fraternity or secret society. Today, we need a different obscure password for every account, which can quickly become overwhelming.
When you run a business, things get even worse.
Not only do you have to manage all your employee passwords, but you also have to track who has access to which resources at what time. Contractors need temporary access, vendors need restricted access, past employees need access removed, and the list goes on.
It may not seem like a big deal, but media scrutiny and government legislation regarding data security have increased in the wake of hacking attacks involving corporations, celebrities, and even the government.
The Pitfalls of Faulty Password Protection
Studies have shown that more than 90 percent of people use at least one of the 1,000 most common passwords to secure their systems. Troves of these username and password combinations have leaked online, which can compromise thousands—even millions—of people’s personal information.
Here are some common traps that can put you at risk:
- Using a single password for everything: Every time you reuse a password, you’re increasing the chances it will be compromised. If a random news site you frequent is breached, you’re putting your banking, business, and customer accounts at risk.
- Openly documenting your password: Writing your passwords on a Post-it note at your workstation may be convenient, but it defeats the purpose of having them in the first place. If a custodial person happens to walk by after hours, for example, he or she could access your accounts without your knowledge.
- Sharing login credentials and passwords: Sharing accounts also counteracts the purpose of passwords. You can’t uniquely identify someone’s network activity if you can’t pinpoint the person. Ensure that when credentials are shared, they are secure and their usage is tracked.
- Not revoking ex-employees' access: When you fire someone, do you let that person keep the key to the building and company car? Of course not! In the same way, it’s necessary to track passwords as they’re issued so you can revoke them when someone leaves. Using Microsoft’s Active Directory is a great way to automate the management of user access to company resources without disrupting the flow of business.
Implementing Password Best Practices
With so many security threats and breaches around, it seems impossible to protect yourself. While business owners know password management is a good idea, they push it aside as an unrealistic task to control. Applying these simple strategies can help business owners reduce that risk:
- Incorporate password policies on a corporate level. Simply reminding employees to change their passwords every three months doesn’t guarantee it will be done. Using login and access management tools to ensure complex password policies are followed, and providing those tools to employees, will make a huge improvement in overall security.
- Use existing directory software to help with password management. Use software as a central point of control to ensure you don’t forget to revoke access when employees leave or their contracts end.
- Stay up-to-date on government regulations. Pay attention to government guidelines for storing certain types of data, such as identity and financial information. Noncompliance with these regulations could cost your business significantly in fines, the loss of your business license, or even prison time. Understand your risk and exposure if you’re not complying.
- Add another layer of protection via two-factor authentication. All employees should protect themselves with two-factor authentication that uses something users know—their passwords—and something they have or are, including one-time passwords sent to their mobile devices, tokens inserted into a computer USB slot, or biometrics. This reduces the risk of consumer or business accounts being compromised if cybercriminals gain access to their login credentials or passwords.
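The points above about revoking access for departed staff and using a directory as the central point of control can be checked with a periodic audit. The following is an added example, not part of the original article: it compares an HR roster against a directory account export and flags accounts that are still enabled past their owner's end date or that have no owner on record. The CSV column names and all sample rows are constructed for illustration and are not a real Active Directory export format.

```python
import csv
import io
from datetime import date

# Constructed sample data (hypothetical column names): HR roster and directory export.
HR_ROSTER = """username,type,end_date
alice,employee,
bob,employee,2014-09-30
carol,contractor,2014-10-31
dave,vendor,2014-08-15
erin,vendor,2014-07-31
"""
DIRECTORY_EXPORT = """username,enabled,last_logon
alice,true,2014-10-09
bob,true,2014-10-05
carol,true,2014-10-08
dave,false,2014-08-14
erin,true,2014-07-30
shared-ops,true,2014-10-09
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit_accounts(roster_csv, directory_csv, today):
    """Return (username, finding) pairs for accounts to revoke or review."""
    end_dates = {r["username"]: (date.fromisoformat(r["end_date"]) if r["end_date"] else None)
                 for r in _rows(roster_csv)}
    findings = []
    for acct in _rows(directory_csv):
        user = acct["username"]
        if acct["enabled"].lower() != "true":
            continue  # already disabled, nothing to revoke
        if user not in end_dates:
            # Shared or orphaned account: nobody is accountable for its activity.
            findings.append((user, "enabled account with no owner in HR roster"))
            continue
        end = end_dates[user]
        if end is None or end >= today:
            continue  # open-ended or still within the contract period
        last = date.fromisoformat(acct["last_logon"]) if acct["last_logon"] else None
        if last and last > end:
            findings.append((user, f"used after end date {end}"))
        else:
            findings.append((user, f"still enabled after end date {end}"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_accounts(HR_ROSTER, DIRECTORY_EXPORT, date(2014, 10, 10)):
        print(f"{user}: {finding}")
```

A login after the end date is the finding to escalate first, since it shows the stale account was actually used rather than merely left enabled.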
While passwords may be a pain, they’re manageable—and implementing some of the suggestions above is much less stressful and costly than a full-fledged security breach. What’s more, the proper tools and policies can provide convenience and efficiency for the long haul. Although passwords on their own are no longer enough to secure your data against any and all threats, a solid security strategy can dramatically reduce your exposure to the bad guys out there.
How do you keep your passwords safe?
Published: October 10, 2014