Throughout our daily lives, we take precautions to protect the things we care about. We lock our house when we leave for the day, we put a guard around our fireplace, we strap our children into the car. So why wouldn’t we take the same precautions in our digital lives?
According to official Government cyber security breach figures in 2021, 39% of businesses in the UK reported having cyber security breaches or attacks in the last 12 months. With more and more businesses operating in a digital environment and cyber warfare increasing, it can be assumed that this figure is set to rise.
Exceptional password management is one such precaution that you should be taking. So what does this entail? Here are 3 steps you can start taking now:
- Implement a password management system
Like with everything in life, different people do things differently. One person may change their password each month to something extremely obscure and secure, while the colleague next to them may use the same password for everything for as long as they can remember. But when it comes to managing passwords within a business, consistency will help build your cyber-attack armour. A password management system which covers the entire business – office, remote and mobile locations – will help embed a good password culture and create a level of security consistency.
Password management comes in various forms, and the most suitable for your business will depend on many factors: how many employees you have, how many digital platforms you require access to, how many locations you have and how ‘tech savvy’ your workforce are, to name but a few.
In this digital age ‘there’s an app for that’ is a phrase we are very aware of, and in the case of password management, it’s very true! There are several apps and online platforms which offer password management of varying costs and sophistication, so if you have some budget in your cybersecurity pot, this would be a good place to start, especially if you are ready to embrace an online system.
We know that not everyone is ready for a fully digital solution just yet, and there are plenty of other systems you can introduce within your business to build that armour.
A ‘strong password’ today should be at least 15 characters long (longer is better) and should contain a mix of capital letters, lower case letters, numbers and special characters. It should not contain consecutive numbers (like 234) or obvious characters such as names, phone numbers or locations. A password should not be something that could easily be ‘guessed’ and it should 100% not be the word ‘password’!
As the minimum length of passwords increases, so does the difficulty in remembering them. A pass-phrase is now considered best practice: 3 or 4 random words are easier to remember than a long random password. For additional security you could also add complexity by ‘salting’ the password with special characters, numbers and capital letters.
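The rules above, as an added example (not code from the original article): a checker for the strong-password rules and a generator for a pass-phrase of random words with capitals, a special character and numbers added. The function names and the short word list are constructed for illustration, and the consecutive-number check treats three ascending digits in a row as a run.

```python
import secrets
import string

MIN_LENGTH = 15  # minimum length given in the article
# Constructed sample list (assumption): use a list of thousands of words in practice.
WORDS = ["harbour", "velvet", "cactus", "lantern", "orbit", "maple", "thunder",
         "pebble", "walnut", "glacier", "compass", "meadow", "falcon", "quartz",
         "ribbon", "saddle"]
SEPARATORS = "!#$%&*+-=?@"


def has_consecutive_digits(pw, run=3):
    """True if pw contains `run` ascending digits in a row, such as 234."""
    streak = 1
    for prev, cur in zip(pw, pw[1:]):
        if prev in string.digits and cur in string.digits and ord(cur) - ord(prev) == 1:
            streak += 1
            if streak >= run:
                return True
        else:
            streak = 1
    return False


def check_password(pw, banned=("password",)):
    """Return the list of rules pw breaks; an empty list means it passes.
    `banned` holds obvious terms (names, phone numbers, locations) to reject."""
    checks = [
        (len(pw) >= MIN_LENGTH, "shorter than 15 characters"),
        (any(c.isupper() for c in pw), "no capital letter"),
        (any(c.islower() for c in pw), "no lower case letter"),
        (any(c in string.digits for c in pw), "no number"),
        (any(c in string.punctuation for c in pw), "no special character"),
        (not has_consecutive_digits(pw), "contains consecutive digits"),
    ]
    problems = [msg for ok, msg in checks if not ok]
    problems += [f"contains obvious term '{t}'" for t in banned if t.lower() in pw.lower()]
    return problems


def make_passphrase(n_words=4):
    """Random words, capitalised, joined by a special character, plus two digits."""
    words = [secrets.choice(WORDS).capitalize() for _ in range(n_words)]
    sep = secrets.choice(SEPARATORS)
    digits = secrets.choice(string.digits) + secrets.choice(string.digits)
    return sep.join(words) + sep + digits
```

Pass staff names, office locations and phone numbers in `banned` so the checker rejects them alongside the word ‘password’.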
If you are not using an online password management tool, the most secure way for passwords to be stored is in your memory – but we all know that is not realistic, when there are so many passwords, and so much else to remember.
If passwords are written down, they should be stored appropriately, in line with their classification (level of importance to the business). Access to this storage may be restricted and recorded, with regular checks that are logged in order to maintain confidentiality, integrity and availability of the information.
You should also consider how frequently you want passwords to be changed – is this monthly, bi-monthly? The time frame does not hugely matter as long as it is consistent. You should also consider whether this is the same across all platforms, or whether it should vary. For example, you may wish staff to update their mobile phone password monthly, but their email password only annually. Many IT systems can force users to change their passwords regularly. It’s also worth bearing in mind how long it will take staff to update passwords: the more cumbersome and time consuming this becomes, the less likely staff are to comply!
- Create a password policy
Now that you have a password management system that works for you, your business and your workforce, write a policy which includes as much information as you can about how passwords should be generated and stored in your business. This should then be communicated to staff, and given the correct level of importance. Staff need to know that a password is basically a key, and only trusted people are given a key, so this must be taken seriously.
- Police it
You’ve taken the time to create your password management system, and you’ve trained staff on how to follow it. So make sure you police it and speak to staff about it, and take on any feedback they may have.
While password management is important, don’t feel overwhelmed. Introducing a very simple system in the first instance means you’re on your way to a more secure business. Remember, our experts are here to help you at every stage, so please do reach out if you need to.