7 Essential Tips for Creating an Office Password Policy that Defends Against Breaches


For most businesses, the only thing standing between their most valuable and sensitive data and a data breach is a single password. And while most employees know they should be using strong, unique passwords for every login, many of them don’t put that into practice.

It’s a common battle between the need to remember the password and get logged in so they can stay on task and the need for passwords to be as secure as possible to stop potential data breaches.

A 2019 report by Ponemon Institute that surveyed IT and IT security practitioners about password security illustrates this dilemma well:

  • 66% of respondents say it’s very important to protect passwords 
  • 51% of respondents say it’s too difficult to manage passwords

When it comes to network security, having good password policies is a vital part of your overall security infrastructure. You can have the strongest firewall and anti-malware program available, but if your administrator’s password is hacked, a criminal can easily bypass them. Poor password management is like putting a great alarm system on your Ferrari, but leaving it unlocked with the keys in the ignition.

So, how do you put a good password policy in place? We’ve got several tips to help you set and enforce proper password management, so your data and network stay secure.

Password Management Best Practices

While securing your credentials might not seem as flashy as getting a next-generation firewall, it’s just as important.

81% of company data breaches are the result of weak passwords.

Instituting a good password policy means putting your policy for password management down on paper and ensuring your team has the right tools to carry it out.

Get started with the following password management tips.

Require Strong Passwords for Every Login

You’d be surprised how many people still use “password” or “12345” as their login password. If you just let employees use any credentials they like, there’s a good chance it could be a weak link in your data security.

Requiring “strong” passwords means putting rules in place to ensure passwords contain:

  • A combination of letters, numbers, and symbols
  • A combination of upper-case and lower-case letters
  • A minimum of 7-10 characters

Don’t Share Passwords

In the Ponemon study, 69% of people admitted to sharing their credentials with work colleagues. It’s a bad habit to get into because once a credential is shared, the owner no longer has control over it… what happens if that colleague shares it with someone else? It’s especially dangerous if it’s shared with a vendor. It’s a better policy to create another limited-time login if needed than to share passwords.

Don’t Save Passwords in Browsers

Saving passwords in Chrome or another browser makes it quick and easy to log in, but it could be putting your logins at risk. If a device is lost or stolen, the thief can easily get into any login just by accessing the site in the browser.

If your company is subject to any data privacy regulations, this can also make it more difficult to do audits of your security policies if you have employees saving credentials in a variety of different browsers.

Use Two-Factor Authentication

Using two-factor authentication with your logins increases your password security by leaps and bounds. When enabled, it means that a second form of authentication is required to complete login, which is generally a time-sensitive code sent via text message to the user’s mobile device.

So, even if a hacker does get a hold of your login, it means that they still can’t get access, and you’ll be alerted via text that someone is trying to use your credentials.

Use Unique Passwords

One of the most common bad password habits is to use the same credentials for several different logins. Many people have a rotating list of 4-5 passwords that they use for everything, both at work and home. But this means that all a hacker has to do is get a hold of one, and it can unlock multiple other data sources. It’s becoming all too common for credentials to be breached at major retailers (like Target) and then sold on the Dark Web.

But how does one remember strong passwords, without saving them in a browser, and make them unique for every single login? Our next tip will help!

Employ a Password Management Tool

You can solve the problem of how to remember strong, unique passwords for every login by using a password management application. They keep a vault of all your passwords that only needs one master password to unlock. 

Key features of using a password manager include:

  • They suggest strong passwords to users
  • Users only have to remember a single strong password
  • If devices are lost or stolen, the password vault can’t be accessed without the master password
  • They auto-fill credentials for fast logins
  • Businesses have control of all their logins across multiple devices
  • They can be used for credit card details too

Enforcing Password Policies

The best way to enforce good password policies is through your applications that allow you to set acceptable credential parameters. For example, you can require users to set up two-factor authentication in Office 365. Many cloud-based platforms also allow you to set how many characters a password must be and what it requires (e.g. at least 1 symbol).

Training your staff on these policies will also help with enforcement, but automating the process as much as possible will ensure no weak passwords fall through the cracks.
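
As an added illustration (not code from any product mentioned in this article), the Python sketch below automates the rules from "Require Strong Passwords for Every Login" and also shows why composition rules alone are not enough: a password such as "Password1!" meets every rule yet is still built on "password". The minimum length of 10 (the upper end of the 7-10 range) and the short weak-password list are assumptions made for the example.

```python
import re

# Assumptions for this example: MIN_LENGTH is the upper end of the article's
# 7-10 range, and WEAK_BASES is a small constructed sample, not a real blocklist.
MIN_LENGTH = 10
WEAK_BASES = ("12345", "letmein", "password", "qwerty")

# Undo common character substitutions before comparing against WEAK_BASES.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})


def weak_base(password):
    """Return the weak password this one is built on, or None."""
    lowered = password.lower()
    # Check the raw form first (catches "12345"), then the de-substituted form.
    for form in (lowered, lowered.translate(LEET)):
        for base in WEAK_BASES:
            if base in form:
                return base
    return None


def check_password(password):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    base = weak_base(password)
    if base:
        problems.append("built on weak password: " + base)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("12345", "Password1!", "P@ssw0rd2024!", "cobalt-Heron-47-lantern"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The substring match is deliberately strict, so a long passphrase that happens to contain a listed word is rejected too; in practice the sample list would be replaced with a maintained list of breached or common passwords.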

How Strong is Your Data Security?

Don’t leave your data security to chance. Whether you’d like to implement a password manager or need a checkup of your network security, B-Comp Services can help. 

Give us a call today and sleep easier tomorrow. You can reach us at 303-282-4934 or request a free consultation online.