If you don’t know the answer to this question, your business could be at risk. In our recent posts, we’ve talked about measures that small businesses can take to protect their information and their assets. Having a strong password policy is one of the most important measures you can take to keep your business safe.
Don’t be embarrassed if you are still using the sticky note method of enforcing a ‘password policy’. A recent Trustwave Global Security report showed that 15% of people had their passwords somewhere near their computer. Think of a sticky note, or a piece of paper under the keyboard, which is another typical one.
You shouldn’t be embarrassed because the average person has 20 or more online passwords. That’s a lot to remember! It’s easy to see why people write them down.
However, the same Trustwave report showed that 80% of security incidents were due to the use of weak administrative passwords. Weak passwords are simple passwords that are easy to remember, but also easy for hackers to crack, which gives them access to your information and assets.
So, you’ve got to have complex passwords, and you’ve got to have a safe place to store them. That’s where a password policy comes into practice. A password policy, according to Wikipedia, is a “set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.”
Those “users” are your staff, and a password policy is a set of rules or requirements on the passwords they use. So, you establish a password policy to protect your business and keep it safe from hackers. Sounds easy? Well, for anyone who has tried to enforce a password policy, putting it into practice is sometimes a challenge.
After strong passwords are enforced, the sticky notes often appear again, along with the promise that “they’ll be thrown out in a week once we memorize the passwords.” Yet weeks later, they’re still there. As we outlined in our white paper on Protecting Your Business from Hacking and Phishing, many of the security loopholes that hackers use exploit human weaknesses to gain access to computers. People will be people.
The solution to this sticky situation between IT and staff members is to use a password manager, sometimes called a “password vault,” a central storage location for all your passwords.
A password manager helps individual people keep their passwords secure. You don’t have to remember 20 passwords; you only need to remember one strong password, which unlocks the ‘vault’ holding the other secure passwords for your accounts. The password manager fills those in automatically.
A password manager is also the key to keeping businesses safe and enforcing a strong password policy without ruffling any feathers with your staff. Once the password manager is set up, you can update, change, or make passwords more secure for different services, and your staff only needs to remember one strong password. Goodbye sticky notes!
We’re currently testing a new password manager solution for our clients. We want to be sure it’s secure and easy to use. Stay tuned, we’ll be posting an update on our progress here soon! If you have any questions or need help establishing a secure password policy at your business, feel free to contact us using the form below.