Passwords are the currency that hackers use to get into your data, hold it for ransom and cripple your company. Using strong passwords is the best – and the easiest – way to prevent unauthorised access. If you’re running a solicitors, accounting firm or medical practice, you are working with deeply personal and confidential customer data – it is your company’s role as a trusted advisor to protect that data from a breach.
We have put together a list of 6 ways to safeguard company records by requiring strong passwords:
1. It must be complex.
The more characters used, the better. Use upper and lower case, symbols, spaces, etc. Use a passphrase that is random. For example, don’t use a password with your pet’s name. Instead, use a random passphrase that will be hard to guess. Stay away from the obvious. Never use sequential numbers or letters.
Come up with unique passwords that do not include any personal info such as your name or date of birth. If you’re being specifically targeted for a password hack, the hacker will put everything they know about you in their guess attempts.
2. Be random.
It is not easy to create a random password or phrase because our minds go to things we know about or think about. If you’re having a difficult time being truly random, look around the room you’re in and choose an item, then look outdoors for another item, choose a food you hate then the street next to the one you grew up on.
3. The longer the better.
If you’re prompted to create a password of “at least eight characters” go above and beyond and double that. The longer the password, the harder it will be to hack.
4. You must require different passwords for each site, device and account you get into.
Recycling passwords or using a variation of the same password, for example: admin, admin123, admin345… is basically handing the keys to the company data to a hacker. Anytime you use a password in more than one location, you have weakened all of your passwords.
5. Use two-factor authentication.
Along with a strong password or passphrase, two-factor authentication will go a long way in protecting company data. Two-factor authentication (2FA) and multi-factor authentication (MFA) add an extra layer of protection (which becomes your first layer of protection should your account details ever get leaked). These protocols have become the new industry standard for effective security. They require something in addition to a password, such as a code sent to your phone, biometrics (fingerprint, eye scan, etc.), or a physical token. This way, however simple or complex your password is, it’s only half of the puzzle.
6. Avoid using an email address as your login credentials.
If possible, create a username. When you use an email address, it makes it easier for a cyberattacker to dig deeper for your personal information in your email account.
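The rules in the list above can be checked mechanically. The following is an added example, not part of the original article: a small Python audit meant to be run locally over your own saved logins (for instance a password manager export). The function names, the four-character sequence threshold and the sample entries are assumptions made for illustration.

```python
import re
from collections import defaultdict

MIN_LENGTH = 16   # double the usual "at least eight characters"
SEQ_RUN = 4       # assumed threshold: flag runs such as 1234 or dcba
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def has_sequence(pw, run=SEQ_RUN):
    """True if pw contains `run` letters or digits in ascending or descending order."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
    return False

def skeleton(pw):
    """Lower-case and drop trailing digits/symbols: admin, admin123, Admin345! all match."""
    low = pw.lower()
    return re.sub(r"[\W\d_]+$", "", low) or low

def audit(entries, personal_terms=()):
    """entries: (site, username, password) tuples. Returns {site: [problems]}."""
    sites_by_skeleton = defaultdict(set)
    for site, _user, pw in entries:
        sites_by_skeleton[skeleton(pw)].add(site)
    report = {}
    for site, user, pw in entries:
        problems = []
        if len(pw) < MIN_LENGTH:
            problems.append("too short")
        if has_sequence(pw):
            problems.append("sequential characters")
        if any(t.lower() in pw.lower() for t in personal_terms if t):
            problems.append("contains personal info")
        if len(sites_by_skeleton[skeleton(pw)]) > 1:
            problems.append("reused or varied across sites")
        if EMAIL.fullmatch(user):
            problems.append("email address as username")
        report[site] = problems
    return report

# Constructed sample entries, not real credentials.
SAMPLE = [
    ("mail", "jo@example.com", "admin123"),
    ("bank", "jsmith", "Admin345!"),
    ("crm", "j.smith.crm", "kettle Oak-tree sprouts Mill_Lane"),
]

if __name__ == "__main__":
    for site, problems in audit(SAMPLE, ("smith", "rex")).items():
        print(site, problems or "ok")
```

Only the long, unrelated passphrase passes; the two `admin` variants are flagged as the same password even though their digits and capitalisation differ.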
Using unique passwords for every site or service, avoiding phishing sites, and keeping your computer safe from password-capturing malware are also important. Yes, you should choose a strong password—but you need to do more than that. Using stronger passwords won’t keep you secure from all the threats out there, but it’s a good first step.