Think about some of your personal online accounts right now. Chances are that you have an email account, social media accounts, a bank account and much more, and all of them are protected with passwords. But do you reuse passwords across different accounts? Do you regularly change them? Most importantly, are your passwords strong enough to keep cybercriminals away from your private information?
We all use passwords so frequently now that it’s easy to become complacent. Whether you loathe passwords or merely dislike them (it’s unlikely anyone “likes” passwords), they offer the first line of defense when someone tries to access your sensitive information. Your online financial accounts are, of course, the most obvious example, but even unauthorized access to a social media account can provide personal information that could be used to harm you.
While most people understand their responsibility to protect their personal accounts with effective passwords, properly securing business accounts is even more important, and that message needs to be understood and acted upon at every level across your organization. Although a complete cybersecurity strategy utilizes multiple components, strong passwords are a necessary minimum standard for protection. Every employee needs to use strong, unique passwords to keep sensitive business information and systems secure. A cybercriminal who gains access to your systems can permanently damage your business’s reputation while also putting your employees’ and customers’ private information at risk.
Practicing Good Password Hygiene
It’s not enough to put just any password in place. The passwords you choose need to be unique and complex. What makes a password complex? Typically, a complex password incorporates a mix of uppercase and lowercase letters, numbers, punctuation and special characters, and the longer it is, the better. Additionally, your password should never relate to any personal information (even the names of pets, which you may post on social media), nor should you use dictionary words. Your password should be nearly impossible for someone to guess, even if they know you well, but you also need to ensure that your password is something you can remember.
Even a complex password is likely not enough protection on its own. Each of your accounts and devices should have a unique password that hasn’t been used anywhere else, at any other time. Online services do sometimes get hacked, and if your email address is associated with a password that’s reused across other accounts, such as your bank or email, you could be exposed to a pretty extreme cyber attack, even if it’s years from now.
Making Passwords Easier to Manage
It can be nearly impossible to remember so many different complex passwords. Fortunately, there is a kind of software that can help. With a password manager, you only have to remember one (very strong) master password, and the software keeps track of the rest. It will even help you create complex passwords for your different accounts to ensure that your information is as protected as possible, and it will notify you if one of your passwords appears in a list from a database that has been hacked. Avoid using your web browser as your password manager. Web browsers are not a secure way to store passwords and will leave your passwords vulnerable.
The other increasingly essential tool deployed on business systems is multi-factor authentication (MFA). Also known as two-factor authentication (2FA), this system requires at least two forms of identification: something you know (a password) combined with something only you have, like a code delivered to your phone number, email or smartphone app, or even a fingerprint. You’ve likely already encountered MFA when accessing online services you use, and it has become a best practice required by most cyber insurance policies for coverage.
Spread the Word (not the password)
If you oversee a team of employees, it’s vitally important that every last one creates strong passwords and regularly updates them. Your team should have training on cybersecurity practices, including information on generating complex and unique passwords. If just one employee fails to do this, it could open you up to a cyber attack.
Creating strong passwords does not have to be difficult. If you’re struggling to remember or create strong passwords, use a password manager. Better yet, implement MFA. Using strong passwords is the simplest means of protecting your sensitive personal and business information.