There are many ways your valuable business data can be breached, but establishing a strong password policy is the first and most basic step you can take towards securing your systems.
Below are some best practices that you should require all your employees to follow (you included!) and can implement straight away. Please bear in mind that these are basic tips. System administrators should implement other policies, such as those that prevent using passwords previously used and locking accounts after multiple failed login attempts.
- Change passwords regularly – Most security experts recommend that companies change all passwords every 30 to 90 days.
- Password requirements – A strong password should contain a minimum of 8 characters and include a mix of upper and lowercase letters, numbers, and a special character or symbol.
- Educate your staff – Teach employees NOT to use standard dictionary words (in any language), or personal data that can be known, or could be stolen e.g. addresses, telephone numbers, birthdays etc. With virtually everyone on social media now’a’days it is so easy for someone to find personal information that is likely being used for passwords!
- Don’t share details – Emphasize that employees should not access anything using another employee’s login details or leave machines unattended and logged into systems. To save time or for convenience, employees may leave systems open and share login information. This is a major faux pas. If a person leaves their desk, even for a quick toilet break or to make a cup of tea, they should lock or log out of their computer. This may sound unreasonable, but you’d be surprised how common this is and how often data breaches occur as a result. Make a policy regarding this and enforce it.
These are just a few basic principles regarding passwords, but they can make a big difference in keeping your business’s sensitive data safe.
For further advice and guidance on how to protect your business, please speak with one of our security experts on 0121 784 0077 or visit our IT security page.