Just like good personal hygiene protects your body from invading germs and viruses, good Password Hygiene protects your data from invasion as well. And although we all know how important it is to be diligent in protecting our passwords, sometimes we may sacrifice security for convenience, which can lead to disastrous results. It may seem almost trivial to talk about good Password Hygiene, but sometimes we all need a refresher on how important the foundational concepts are.
Where are they getting in?
You’d never leave your company computer unattended at the local coffee shop with financial statements or employee documents on the screen. But when we fail to practice good password hygiene, we are leaving ourselves just as vulnerable. In fact, a Data Breach Investigations Report from Verizon found that 81% of hacking-related breaches leveraged stolen and/or weak passwords.
Attackers are looking for the easy score: the low-hanging fruit, as we like to call it. Regardless of how it happens, once a password becomes compromised it creates endless opportunities for malicious individuals. A compromised password is the key to the front door, and attackers are not going to ask for permission to come in.
What is Healthy Password Hygiene?
Password hygiene is about what we do, and what we avoid doing, with our passwords. It starts with implementing and enforcing a comprehensive password policy at your organization. This policy should include not only what makes a strong password, but also clear rules about reusing, recording, and sharing passwords.
Even more importantly, though, we must create a culture that follows the rules put in place! How do we respond when we see a sticky note with a password at a workstation? Do we give out our password to other employees so they can print that document we need? Are user accounts disabled immediately when employees leave the organization?
Creating a strong culture around password hygiene is not about punishing employees for making mistakes. It is about keeping end-users informed about how, and why, we take password hygiene seriously. It also requires providing our users the proper tools to be successful.
In the next couple of blogs, we will talk about our favorite ways to help keep accounts secure, including enabling multifactor authentication and employing a password manager. Thank you for reading our first Cybersecurity 101 blog. If you are interested in having a conversation about how to secure your business, we would love to hear from you!
Remember, cybersecurity is a long journey, but it is one worth starting today!