Password Security

When you notice your cyber risk score assessments, you’ll notice that passwords are a part of the way your score is given.  This analysis comes about because passwords overall are a part of your cybersecurity layer, but also because there are password breaches that take place regularly throughout the years.  Cyber criminals are always trying to get into some company’s network.

With this in mind, we’re going to review some simple steps and pieces of information that can support you in securing passwords, as well as making the case of password security to your company board members or anyone who needs to make decisions with cybersecurity alongside you.

Let’s start.

You want to make sure to keep an eye out for password breaches.  It’s important for the following reasons.

1. Staying ahead and updating your passwords if you use a software or service of any company that gets breached.
2. Assess your current online cybersecurity and strengthen your password security.

Next, three straightforward action steps to implement that will strengthen your company’s password security.

1. Use long, random password combination.
2. Don’t reuse old passwords.
3. If you can, turn on 2-factor authentication (2FA).

With these three password security action steps always in place, across the enterprise, you can sleep a lot better at night.

The question that arises, how do you make sure they are implemented throughout the enterprise?

If you want to handle it the “human” way, this means setting up the following items.

Policies and Procedures – Password Security “Must Do”

• The three actions given to you above are what you want to implement
• Include them as password security rules in your policies and procedures.

Employee Training – Password Security “Action Steps”

• It’s important to have your security executive, typically the CIO or CISO, give training to all employees on the simple rules to follow.
• Online cybersecurity awareness training is also an option since it includes things such as password security.

Third-Party, Business Associates (BAs), Supply Chain, and All Collaborative Software or Service Entities – Password Security “Set Up”

• Here is where the “human” way gets a bit more complex, but it’s still feasible if it’s your preferred option or only option.
• Check privacy and policy, as well as security procedures, with all third-parties, BAs, supply chain, and all entities you work with or do business with.

The last bit of advice for strengthening your password security is to use a password manager.  Here’s a list of why this is a great option for your password security steps.

• Identifies weak passwords
• Detects duplicates
• Generates random passwords

A password manager gets your passwords in order since you can import all the passwords you have ever used or use, and because it can generate truly random passwords to replace all of your existing passwords.

Once you start using a password manager, you’ll probably not want to go back to the manual password credential creating process.  To update all your passwords is probably the least favorite part of keeping your password security strong, but for cyber risks, it’s worth it.

If you need help with password security or your cybersecurity posture, feel free to schedule an appointment with one of our cybersecurity experts here: https://calendly.com/ncxgroup