Cybersecurity goes beyond compliance, and it is high time that businesses took note of that. Just being compliant with privacy laws and other regulations is not enough. The consequences of security breaches extend beyond financial losses. Reputational damage and loss of consumer trust can take years to recover from. In this post on cybersecurity, we focus on one of the key aspects that matter: password protection, and how to prevent theft and hacking incidents.
Strong passwords are a must
A strong password is at least 10 characters long. It must have special characters, uppercase & lowercase letters, and numbers. Ensure that passwords are never reused and are hard to guess. Encourage employees to use nonsensical passwords, without any personal information included in any form.
Change all default passwords
All default passwords must be changed immediately after deployment, for all devices, software, apps and resources. Ensure that the new password is strong and long enough. Employees must never share passwords with anyone, not even peers and colleagues, unless necessary for work and project needs.
Recommend a password manager
If your employees are not using a password management tool yet, it is time to recommend one. A password manager makes it easy to generate and retrieve passwords, so employees don’t have to struggle with complex ones all the time, which also saves time. Also, watch out for usernames. Usernames should be unique to every user.
Consider a lockout feature
A password lockout feature locks an account, device or resource if there are more than a pre-decided number of login attempts. In most cases, three invalid attempts are enough to activate the feature.
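The lockout behaviour described above, as an added Python example that is not part of the original post. The names `LockoutTracker`, `replay` and `SAMPLE_EVENTS` are hypothetical, the login events are constructed, and the 15-minute lock duration is an assumption, since the post only gives the three-attempt threshold.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3          # threshold named in the text above
LOCK_SECONDS = 15 * 60    # assumption: the post gives no lock duration

@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0

@dataclass
class LockoutTracker:
    accounts: dict = field(default_factory=dict)

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Record one login attempt and return 'ok', 'denied' or 'locked'."""
        state = self.accounts.setdefault(user, AccountState())
        if now < state.locked_until:
            # While locked, even a correct password is refused, and the
            # attempt neither extends the lock nor changes the counter.
            return "locked"
        if state.locked_until:
            # The lock has expired: start counting afresh.
            state.failures, state.locked_until = 0, 0.0
        if password_ok:
            state.failures = 0
            return "ok"
        state.failures += 1
        if state.failures >= MAX_FAILURES:
            state.locked_until = now + LOCK_SECONDS
            return "locked"
        return "denied"

# Constructed sample events: (seconds since start, user, password correct?)
SAMPLE_EVENTS = [
    (0, "alice", False),
    (5, "alice", False),
    (9, "alice", True),                 # success resets alice's counter
    (10, "bob", False),
    (12, "bob", False),
    (14, "bob", False),                 # third invalid attempt locks bob
    (20, "bob", True),                  # correct password, still refused
    (14 + LOCK_SECONDS, "bob", True),   # lock has expired
]

def replay(events):
    """Feed events through a fresh tracker and return one result per event."""
    tracker = LockoutTracker()
    return [tracker.attempt(user, ok, t) for t, user, ok in events]

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", result)
```

Counters are kept per account, so one user's failed attempts never lock another user out.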
Use multi-factor authentication (MFA) where needed
For privileged users, special resources, IP cameras, and assets that store sensitive data, multi-factor authentication (MFA) can be considered. Just adding another security question beyond the basic password can be a good way to add extra protection to an account. Other options include the use of biometrics and selected information.
The road ahead
Cybersecurity is a shared business concern, and companies that have been proactive in their approach have managed to keep hackers at bay. There is no way to mitigate 100% of all risks, but being safe is always better than being sorry. Ensure protection of all network assets, update all firmware and software on a regular basis, and educate your team members on password protection – that’s the crux of cybersecurity!