Introduction
There’s a lot of talk about cybersecurity and all the recent data breaches. These make for big headlines, but you know what’s missing? Some basic advice for small businesses about how to keep their IT systems secure.
In this post, we’ll give you 3 simple steps you can implement today to create a secure password for yourself, along with advice you can share with your colleagues.
As an added bonus – you’ll learn the password security method that makes things simple so you are not having to remember multiple passwords or create a new password every other week.
Step 1
Think passphrase instead of a password. A passphrase is a series of words instead of a traditional password.
Here’s an example of a passphrase: “ManUnitedAreTheBestTeamInTheUk”.
This is much easier to remember than something like “$@d32vpa” and guess what, it’s more secure.
The reason is the length of the password. A lot of hackers out there use brute-force attacks, in which they run software to guess the password. The longer the password, the more time it takes to guess. A passphrase with multiple words combined takes years to crack instead of a few hours.
Step 2
You’ve probably been told to change your password on a regular basis. This is often preached as good practice, but research has shown that this is not the case.
The reason is that users who are regularly required to change their password tend to change only part of it. This often turns out to be changing the last few characters or incrementing a number at the end.
The other reason frequent password changes should be avoided is that you tend to forget new passwords sooner, and that leads to users writing down their password on a post-it note or similar. This totally defeats the purpose of what you’re trying to achieve!
Thus, a best practice is to ask employees to change their password only in the case of potential threat or compromise.
Step 3
Create a password blacklist policy.
Hackers will sometimes use what’s known as a “dictionary attack” against your network and cloud services. In this method of attack, the hackers try a list of the most common passwords people use to force their way into your business systems.
It’s surprisingly easy to do and a very common security weakness.
It’s good practice to show this list of common passwords to your colleagues, and inform them of easy-to-guess passwords that should not be used.
Depending on the IT system your business is using, you can also enforce the blacklist on the system itself, so that listed passwords cannot be created. This is, however, the last resort; it is best to use the people-based approach above, as employees can then also apply the rule to their personal accounts and emails.
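As an added example (not part of the original post and not Secutor tooling), here is one way a system-side check could look in Python, covering the passphrase length from Step 1, the changed-ending habit from Step 2 and the blacklist from Step 3. The 15-character minimum, the tiny sample list and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample blacklist; a real deployment would load a much larger
# list of commonly used passwords from a file.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "football"}

# Undo common character substitutions before comparing against the blacklist.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})

MIN_LENGTH = 15  # assumed threshold that favours passphrases over short passwords


def base_form(password):
    """Lower-case, drop trailing digits/symbols, then reverse leet substitutions."""
    stripped = re.sub(r"[\d\W_]+$", "", password.lower())
    return stripped.translate(LEET)


def check_password(new, old=""):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    # Step 1: length matters most, so require a passphrase-sized password.
    if len(new) < MIN_LENGTH:
        problems.append("too short: use a passphrase of several words")
    # Step 3: reject blacklist entries and trivial variants such as "P@ssw0rd1!".
    if new.lower() in COMMON_PASSWORDS or base_form(new) in COMMON_PASSWORDS:
        problems.append("on the common-password blacklist or a trivial variant")
    # Step 2: when a change follows a compromise, a new ending is not a new password.
    if old and base_form(new) == base_form(old):
        problems.append("only the ending differs from the previous password")
    return problems


if __name__ == "__main__":
    for candidate in ("ManUnitedAreTheBestTeamInTheUk", "P@ssw0rd1!", "123456"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

Returning every violation at once, rather than stopping at the first, lets the user fix the password in a single attempt.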
Get in touch with us
Secutor Cybersecurity is a trusted partner comprised of industry leading experts in the fields of Cybersecurity and Governance, Risk and Compliance. We partner with our clients to deliver on-demand solutions tailored to expertly navigate the regulatory demands of their specific industries.
Our proven track record of successfully exceeding client expectations is achieved through the combination of our methodical approach, advanced technologies, subject matter experts, and synergy with client team members.
Secutor is your team of world-class problem solvers with vast expertise and experience delivering complete solutions keeping your organization protected, audit-ready, and running smoothly.