Chief Underwriting Officer
It's that time again. After a long weekend, you've just logged on to your computer and you're about to sign in to one of your accounts when you're interrupted by the taunting message "your login password has expired". You sit there, picking your brains until you remember the password which you only changed 90 days ago. You tell yourself that you simply don't have time to think of a super elaborate password including never-used-before symbols, so you quickly add "123" to the end and click "remember password".
This is one of many common security mistakes of today. Using one or a variation of one password for multiple accounts not only makes life easier for you, but for cyber criminals too.
You register your details on a website monitored by hackers, using your email and the same common password you use for everything else and voila! They now have access to your Gmail account and by using various "forgot password" links, the opportunities are endless.
In comparison to the massive advances in technology over the years, good password practice seems to have fallen behind, with the loss or compromise of passwords often a major factor in cyber-crime. Passwords have remained our primary security measure since they emerged in the late 90's. Today, everyone within your business not only uses them to access privileged content, but also when using their mobile phones, social media accounts and cloud-based apps in the office. This automatically increases the risk that your business will face an attack.
Think about it, how often do personal devices containing company information end up lost or stolen? It's evident that with the increase in sophisticated hacking methods that conventional password practice is no longer enough and businesses must implement stronger security measures.
Here's our five top tips to help you improve password-security in your business.
Lose the bad habits
Ensure employees understand the importance of using unique and/or random passwords for every account they register with. Provide formal staff training on password best practice, stressing that passwords must be strong and secure rather than simple. Suggest the use of "passphrases" e.g. rather than "Spiderman" use "5pid3rMan". And for those who don't feel confident in remembering multiple passwords, password managers should be encouraged, to store and generate passwords for them. Some good free ones include LastPass and Dashlane.
Use two-step authentication
This option is offered by most online platforms, whereby a numeric password is sent to you by SMS/Text to secure your login credentials. This ensures the authenticity of password users is consistently checked in a way that is easy for employees.
Improve your BYOD policy
With the rise of BYOD (Bring Your Own Device), the demand for access to work emails on personal mobile devices has rapidly grown. But BYOD can also be a chink in your security armour, so consider introducing an identity and access management system to keep track of usage and identify any unusual activity.
Restrict access levels
Create one profile for all corporate log-ins, segmenting privileges for individual employees. This prevents members of staff accessing sensitive data outside their remit and makes it easier to automatically remove former employees when they leave the company.
Have regular face-to-face discussions with all employees, advising them to take proper security precautions inside and out of the office, while ensuring they understand the possible consequences of their daily habits. Simple things like inserting a random USB into their laptop or providing personal information (email, password, address, username etc.) to what seems like a trusted email can lead to data breach.
It's an unfortunate reality that even with the best security measures in place, your business can still be the victim of a data breach or cyber-attack. But you can greatly reduce your vulnerability through taking precautions to stay as protected as possible. Implementing password best practice is one crucial step you can take to keep your business safe.
And remember, if the worst does happen and you're facing the repercussions of a data breach, your final line of defence is a watertight and specialist cyber insurance policy. Find out more here.