Skip to main content

Passwords They seem to have been with us forever

Passwords: They seem to have been with us forever.

As we continue to suggest things you can do to protect the integrity of your company and customer data, here is a blog that covers an old level of security that we still rely on everyday. That protection is the password, so let's talk about bedding up your employee’s handling of passwords.

Password hygiene - Passwords remain the most common everyday tool to ensure only authorized personnel have access to secure material. The issue is that passwords need maintenance and attention to be effective. Here are some common problems to avoid. And again, this requires a routine employee training program.



  1. Passwords that are too simple
    Simple passwords are easy to remember but easy to crack. Words, in any language, are not ideal either. That is why many sites require a mix of letters, characters, and numbers. And yes, some people are still using Myname123.

  2. One universal password
    Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. This renders the good password virtually pointless and also increases the amount of damage that can be inflicted in the event that one ‘good’ password is compromised.

  3. Unauthorized password sharing
    Generally done with benign intentions, employees often share passwords for convenience or to expedite handling the sharing of data. Not good.

  4. Writing down passwords
    Sometimes, people follow all password best practices but find it difficult to remember complicated passwords and then write them down on a piece of paper or worse still, make a file containing all the passwords and store it in their email or computer. This is almost like giving away the keys to your property to a burglar.

  5. Forgetting to change passwords to change passwords or revoke access.
    This is an issue where the staff is busy and turnover is high. Managers may fail to remember to change the passwords once a staff member quits, leaving company data vulnerable. This is especially likely in a small company where there may not be a centralized IT staff that oversees data security and access.


Remember, having a password is not sufficient. Having the right kind of password and following good password hygiene is.

Multi-factor Authentication (MFA) - When a password isn't enough, the next step to improve security is MFA. MFA layers a second authenticator (e.g. another code, picture) etc.) on top of the password requirement. The idea is that if a password is being used by someone not authorized to do so, they won’t be able to provide the second piece of information. Consumers almost always encounter it when accessing financial services sites, but MFA is becoming more common across the board. If you use a credit card at a gas station, that request for your zip code after you insert your credit card is an example of MFA.

Comments

Post a Comment

Popular posts from this blog

Protecting Your Data on the Cloud

Protecting Your Data on the Cloud Cloud storage has transformed the way businesses store and manage data, but for some, it also raises concerns about data protection. This blog post discusses a few security measures that can be deployed when using cloud storage. Data Encryption One of the fundamental security features of cloud storage is encryption. It ensures that your data remains confidential and protected from unauthorized access. Cloud storage providers use encryption algorithms to protect data both during transit and when stored in their servers. This means that even if an attacker intercepts the data in transit or gains access to the storage servers, the information remains unreadable. Encryption adds an extra layer of security, ensuring that your data remains confidential and secure. Access Controls and Identity Management Concerned about access to data? Cloud storage providers offer access controls and other mechanisms to prevent unauthorized access to your data. These feature
Post a Comment
Read more

Why Migrate to the Cloud

Why Migrate to the Cloud If you haven't already considered migrating your data storage to the cloud, you are probably in the minority of businesses. While it may seem intuitive that somehow your data is safer if it is stored “ at home,” on location at the site of your business, that probably is not correct. Given the ability of skilled cloud service providers to provide redundancy and a level of security unattainable by a small business, storing all your crucial business data on site using in-house support is probably akin to keeping your money under the mattress instead of a bank. In this blog, we’ll explain what cloud data storage means, and some reasons why it may be a good business decision. In addition, we’ll quickly note some reasons some people get nervous about the security of cloud storage. What is cloud data storage? In an earlier time, a business would store all of its data on-site. Individual employees might keep all of their Word and Excel documents filed on their PC.
Post a Comment
Read more

Risk assessment: A Value model

Risk assessment: A Value model Risk assessment means looking at all the conditions, situations and threats that exist that could damage or bring down your business. Risk assessment is all about identifying the external and internal threats that exist and measuring the likely consequences if that threat becomes reality. A data security risk assessment would identify what data you have, how you use it, how confidential it may be, how it is affected by regulations and the ways it could be compromised. A major focus of a data security assessment is cybercrime. In terms of developing an IT staff, the alternative approach to building out a team is to determine your IT staffing needs in terms of risk assessment. That means evaluating risk and directing staffing resources to those areas where the risk is greatest and the consequences most severe. Basically, it is an evaluation on the ROI of your IT staffing in light of identified risk. In particular, what is the return on your risk management
Post a Comment
Read more