As cyberattacks seem to become increasingly more prevalent, far-reaching and long-lasting in their damage, it's more important than ever that you and your employees do everything possible to protect your company's data. One often overlooked way to keep sensitive information safe is paying extra attention to password security.
Though passwords seem like such a simple element in the scheme of things, the truth is that they can open the door for cybercriminals. One easy-to-hack password and thieves can compromise your business in just a few keystrokes.
“Passwords are the only control you have to secure your data with most systems these days," says privacy and cybersecurity expert Shaun Murphy, CEO of sndr, an app that enables messaging, file storage and sharing. “If your password is easily guessed by someone, then the person essentially becomes you. Use the same password across services and devices, and they can take over your digital identity."
Why Password Security Is of Paramount Importance
“Passwords are valued currency in the Digital Age, and using strong passwords to prevent unauthorized access is a necessity," says Stacy King, executive director of the Federal Bar Association. “The ability to transfer customer data, client files, medical records, employee files, financial records and other valuable and sensitive information has presented a new world of legal risks."
Don't think that it's just online bank accounts that require password protection, adds Jocelyn Baird, associate editor for NextAdvisor, a website offering financial advice for consumers and business owners.
—Shaun Murphy, CEO, sndr
“Password security is the front line of defense when it comes to protecting all of your online accounts and the data contained within them," Baird says. "While it might be more convenient to use short, easy-to-remember passwords, one weak link password could hand a cyberthief the keys to your online kingdom."
9 Steps to Help Increase Password Security
Creating secure passwords is possible. You and your employees may want to keep the following tips in mind.
Make the Password Complex
Easy passwords might allow you to quickly access your accounts, but they can do the same for hackers.
“When it comes to password security, think complex," says Baird. “The more characters you use, the better. One trick you can use if you can't remember completely randomized passwords is to create a passphrase instead of a password. Use spaces to make a sentence and incorporate numbers and special characters in place of letters. For example: w1Nt3r iZ com;nG? instead of 'winter is coming.'"
Avoid the obvious, says security expert Jason Chaikin, president of Vkansee, a biometric verification company. “Using familiar dates like kids' or spouses' birthdays and home addresses are very obvious choices and aren't recommended."
Make the password even less hackable through intentional misspellings, advises King.
“See that the password is free of repetition, dictionary words and usernames," she advises. "A good password is one that has no relation to you whatsoever."
Keep It Random
Chaikin advises using at-random passwords.
“Ideally, you want a random, 12-character password," he says. “You can devise the password by picking two seemingly unrelated words and incorporating unusual characters."
Go for Lengthy Passwords
“Length can exponentially increase the security of your password," says Preston Powell, systems support specialist for commercial cleaning company Anago Cleaning Systems. “A strong password should be at least eight characters, with 12 to 14 being a recommended standard. Be sure to use a mix of alphanumeric characters and symbols, along with capitalization."
Avoid the Automatic Login Feature
It might save you time and frustration, but automatic, saved login information, including passwords, may make it more likely that your company could be hacked, says Michael Bruemmer, vice president of identity protection at Experian. (So you may want to avoid using the “remember password" feature.)
Use a Different Password for Each Site and Account
“It's imperative that you have a unique password for every service you use," says King. “If you recycle the same password or a variation of it and a hacker cracks one account, he or she will be able to access your other accounts."
An important tip for password security is to avoid reusing passwords, agrees Baird.
“A password used in more than one location is automatically weakened, because if someone were to gain access to one of those accounts, they could easily access any others sharing the same password. And remember, the easier a password is to guess, the more dangerous it is."
Change Your Passwords Regularly
“Good passwords aren't easy to guess, but they also don't last forever," says Bruemmer. “Keep a reminder on your calendar to change out passwords regularly so that none of them stick around too long."
Take Advantage of Two-Step Verification
“If a service offers a two-step verification, use it," advises King. “When enabled, signing in will require you to also enter in a code that's sent as a text message to your phone. As such, a hacker who isn't in possession of your phone won't be able to sign in, even if the hacker knows your password. Two-factor authentication helps you protect your accounts by adding a second step to the login process."
Avoid Using an Email Address Login
"While names, addresses and dates are important details to not include in a username, the absolute worst mistake you can make is to use an email address as a login," believes Murphy.
"Linking a username with an email address can simplify a criminal's search for your personal information," he says. "Using trial and error, a criminal can add common email providers to your username, run a search and pull up your social media accounts and any other sites where you have used that email address to create a profile."
Try a Password Manager
Password managers securely keep track of your passwords for you so you don't have to constantly remember them. They also make it unnecessary to recall anything but a master password.
“Look for a password manager that explicitly states it uses AES 256 bit encryption or stronger to protect your content," says Murphy. “And, if you can use the password keeper via a web browser, only use it for unimportant sites—not for email, social media, banking or commerce. If you can login with a username/password and view all of your passwords, so can someone else."