As an entrepreneur, you are probably taking adequate steps towards cybersecurity. While no business is entirely immune to cyberattacks, it is important to be proactive. Hackers and cybercriminals attack small companies and large brands alike, and often, they hack into systems by cracking passwords. Unfortunately, many businesses have not taken password protection seriously. In this quick post, we are sharing best practices and tips for protecting and securing passwords.
- Change default usernames and passwords. This is an overlooked aspect in many enterprises. Managers don’t seem to realize that it doesn’t take a lot of effort to actually crack default passwords, and even new hackers can infiltrate systems and devices. Make it a point to change all default usernames and passwords right after installation.
- Talk to employees about creating strong passwords. Employees, sadly, have been responsible for numerous security breaches, because they just don’t know what it takes to create a strong password. A strong password is at least 10 characters long and contains special characters, uppercase and lowercase letters, and numbers.
- Never reuse passwords and change passwords frequently. For the longest time, users and employees were advised to change passwords periodically, until it was discovered that many of them are reusing passwords. While changing passwords is always a wise idea, make sure that no password is reused again.
- Consider multifactor authentication. For selected devices and networks that store sensitive information and for privileged accounts, it is wise to have a second or third level of authentication, besides a strong password. You can consider a security question, or even biometrics, so that hackers cannot easily attack these resources.
- Suggest a password management tool. Let’s face it: each employee uses a bunch of accounts, services and resources, and they often need to remember as many passwords. Being complex, these passwords are not easy to memorize, and the best solution to that is a password management tool. If your company hasn’t recommended one, talk to cybersecurity experts for suggestions.
- Consider a lockout feature. When someone makes a certain number of invalid login attempts, seal or lock out the account immediately for at least 24 hours. Banks and many financial institutions are already using this feature.
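
The lockout rule from the last tip, sketched as an added example that is not part of the original post. The 24-hour lock comes from the text; the threshold of five failures and the names `LockoutTracker` and `demo` are assumptions made for illustration.

```python
from datetime import datetime, timedelta

LOCK_DURATION = timedelta(hours=24)  # from the post: lock for at least 24 hours
MAX_FAILURES = 5                     # assumption: the post does not give a number


class LockoutTracker:
    """Tracks consecutive failed logins per account and enforces a timed lock."""

    def __init__(self, max_failures=MAX_FAILURES, lock_duration=LOCK_DURATION):
        self.max_failures = max_failures
        self.lock_duration = lock_duration
        self._failures = {}      # account -> consecutive failed attempts
        self._locked_until = {}  # account -> datetime at which the lock expires

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        if until is not None and now >= until:
            # Lock expired: clear state so the account starts fresh.
            del self._locked_until[account]
            self._failures.pop(account, None)
            until = None
        return until is not None

    def attempt(self, account, password_ok, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if self.is_locked(account, now):
            # A correct password is still rejected while the lock is active,
            # and attempts made during the lock do not extend it.
            return "locked"
        if password_ok:
            self._failures.pop(account, None)  # success resets the counter
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._locked_until[account] = now + self.lock_duration
            return "locked"
        return "denied"


def demo():
    """Constructed sample: five bad guesses, then the correct password twice."""
    t = LockoutTracker()
    start = datetime(2024, 1, 1, 9, 0)
    results = [t.attempt("alice", False, start + timedelta(seconds=i)) for i in range(5)]
    results.append(t.attempt("alice", True, start + timedelta(minutes=1)))
    results.append(t.attempt("alice", True, start + timedelta(hours=25)))
    return results
```

In the constructed run, the fifth failure locks the account, the correct password one minute later is still refused, and the same password succeeds once 24 hours have passed.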
Finally, keep a watch on how company resources, devices, and networks are being accessed. Encourage your employees to use a VPN and make sure they are not working on a public Wi-Fi network.