October 31, 2025
When it comes to cyberattacks on small to mid-sized businesses, password credentials are the easiest target, and stealing them gives an attacker a front-row seat to everything your business does online. Nearly half of all breaches involve stolen passwords. It’s important for you to have a policy that enforces practical, advanced measures that you can implement right away, starting with your passwords. Your login security is your most valuable business asset, even over your client list or your brand reputation, because if you lose control of your logins to bad actors, everything else you value could be lost in minutes.
However, if you struggle with maintaining a strong cybersecurity culture in your workplace, you will always remain at risk. MasterCard reported that 73% of business owners struggled to get their employees to take security policies seriously. The solution must go beyond the idea of just using stronger passwords because good login security works in layers. If an attacker has more hoops to jump through to gain access, they are less likely to make it all the way to your sensitive data. Here are some key action items to enforce in your business:
- While strong passwords aren’t the be-all and end-all of your business protection, they are still incredibly important. Do not allow short, predictable passwords (like “Spring1998”), and don’t allow the same password to be used across multiple accounts. If your team is doing this, you are already an easy target. Require everyone to use unique, complex passwords with 15 or more characters that mix symbols, letters, and numbers. String unrelated phrases together that are easy for people to remember but difficult for machines to guess. Password managers are helpful for generating such passwords and storing them safely for you. Add MFA and authenticator codes on every account you possibly can. And once you have these rules in place, make sure to apply them across the board.
- Think carefully about who on your teams needs access to which accounts, because not everyone needs full admin rights. Keep the group with that access as small as possible. Give third-party vendors and contractors only the minimum access they need, and remove it as soon as their work with you ends.
- Securing your email is a solid way to avoid a breach. Theft often happens through email, when a convincing message is sent and an employee clicks a link they shouldn’t. You can enable phishing and malware filtering; set up SPF, DKIM, and DMARC to make your domain harder to spoof; and train your team to always be suspicious of unexpected requests, even if they seem to come from someone else in the company.
- Make sure you are regularly training your team. Keep it interactive and practical, with short, focused sessions on how to spot phishing attempts, how to handle sensitive data, and how to generate and store secure passwords. Additionally, send periodic, quick reminders in your team meetings and internal chats. You want everyone to know that cybersecurity is everyone’s responsibility, not just part of the office manager’s or the IT department’s job.
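To make the password rules in the first item concrete, here is an added example (not code from the original post) that checks a password against those rules and generates a passphrase from unrelated words. The word list, the symbol set, the predictable-pattern list and the function names are assumptions made for illustration.

```python
import re
import secrets
import string

MIN_LENGTH = 15  # minimum length stated in the policy above

# Constructed sample list; a real generator should draw from thousands of words.
WORDS = ["copper", "lantern", "orbit", "meadow", "velvet", "canyon",
         "pickle", "harbor", "tundra", "saddle", "quartz", "fennel"]
SYMBOLS = "!@#$%^&*-_=+?"

# Assumed definition of "predictable": a season, month or stock word plus a year,
# the shape of the "Spring1998" example.
_STEMS = ("spring|summer|autumn|fall|winter|january|february|march|april|may|june|"
          "july|august|september|october|november|december|password|welcome")
PREDICTABLE = re.compile(rf"^({_STEMS})\W*\d{{2,4}}\W*$", re.IGNORECASE)


def policy_violations(password, other_account_passwords=()):
    """Return the list of rules from the policy that this password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")
    if PREDICTABLE.match(password):
        problems.append("predictable word+year pattern")
    if password in other_account_passwords:
        problems.append("reused on another account")
    return problems


def generate_passphrase(n_words=4):
    """Join unrelated words with a random symbol and append two random digits."""
    separator = secrets.choice(SYMBOLS)
    words = [secrets.choice(WORDS).capitalize() for _ in range(n_words)]
    return separator.join(words) + str(secrets.randbelow(90) + 10)


if __name__ == "__main__":
    print("Spring1998 ->", policy_violations("Spring1998"))
    candidate = generate_passphrase()
    print(candidate, "->", policy_violations(candidate) or "meets the policy")
```

In day-to-day use a password manager does both jobs; the value of the sketch is showing why “Spring1998” fails several rules at once while a four-word passphrase passes all of them.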
Your login security can be an asset or a liability. Implementing the measures above requires ongoing compliance as your business evolves. With time, your employees come and go, their roles may shift, and new tools arrive on the scene to help you streamline your operations. Though elements of your business change, the enforcement of robust cybersecurity should be a constant. Tech Eagles has the training and the tools you need to foster and maintain a strong cyber culture for your business. Call today to find out how we can boost your security!