Every business or organization should have a system in place for Password Management. In this video and blog post, we examine why passwords are a top target for cybercriminals and what your business can be doing to protect and manage your passwords.
What is Password Management?
Password Management involves the use of sustainable practices to secure and manage passwords throughout their lifecycle. Password Management allows users to safeguard their credentials against unauthorized access to accounts and services. Password Management can include developing company-wide policies as well as the implementation of a Password Management system.
Why Data is Under Greater Threat Today
Due to increased technology adoption and the impact of the COVID-19 pandemic, more important data is being stored on different networks. This means a larger amount of data is now vulnerable to unauthorized access. An organization with a broad network and large assets is at risk of being targeted by threat actors looking to identify flaws in its security posture, or the lack of one altogether.
As we continue to grow and rely on technology, we need to ensure that the data we store on these networks is secure, and Password Management is an excellent first step.
Why Your Business Should Pay Attention to Password Security
A password is your primary defense against cybercriminals looking to gain unauthorized access to sensitive information. According to a 2020 Data Breach Investigation Report, compromised passwords led to 81% of hacking-related breaches.
A strong password creates a protective barrier between your data and hackers, and oftentimes it is the only thing stopping a cybercriminal. Businesses should pay attention to how they manage and train their employees so they can eliminate as much human error and negligence as possible.
Tips to Manage Your Passwords
Limit Access to Information:
To protect your data, ensure that only authorized individuals have access to important information. It’s also crucial to verify and maintain the integrity of your data and to know exactly what data you hold.
Use a Password Manager:
A password manager is an encrypted, digital tool that stores your passwords and online credentials in a centralized location that’s secured by a single, strong master password. Password managers can also generate unique, strong passwords. This tool boosts data security by helping you create a password that’s unique to each of your accounts. This means that if one of your accounts is hacked, the breached password can’t be used to access other accounts.
Use a Multi-Factor Authentication System:
A multi-factor authentication system adds an extra layer of security to the password verification process. This makes the system an effective tool to enhance your organization’s security posture and prevent password breaches. In fact, implementing this system alone can help prevent 99% of account breaches!
Create a long, unique password:
Passwords should be at least ten characters long and include both uppercase and lowercase letters, numbers and special characters (e.g., !@#$%). Businesses should create and regularly update their password security policy. Further, every individual in the organization should have a unique password.
Keep Your Passwords Complex but Memorable:
Refrain from using predictable passwords because hackers will likely be able to crack them in the event of a security breach. According to a National Institute of Standards and Technology (NIST) study, the following password types are very predictable and can be easily compromised:
- Passwords from previous breaches
- Specific words, such as the name of the service
- Dictionary words
While it’s important to generate passwords that meet basic complexity requirements, keep in mind that your passwords should also be memorable to minimize the likelihood that they’ll be written down or improperly stored.
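The length, complexity and predictability rules above, together with the password manager's job of generating unique passwords, as an added example that is not part of the original post. It is a Python check that reports which rules a candidate password breaks. BREACHED and DICTIONARY are small constructed samples, and check_password, generate_password and the service name ExampleBank are hypothetical names chosen for illustration.

```python
import re
import secrets
import string

MIN_LENGTH = 10  # minimum length stated in the article
# Constructed sample data; a real deployment would load a breach corpus and a full word list.
BREACHED = {"Summer2023!", "Password123!", "Qwerty!2345"}
DICTIONARY = {"password", "welcome", "dragon", "summer"}
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}

def check_password(candidate, service_name, breached=BREACHED, dictionary=DICTIONARY):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, chars in CLASSES.items():
        if not any(c in chars for c in candidate):
            problems.append(f"missing {label}")
    lowered = candidate.lower()
    if candidate in breached:
        problems.append("found in breach list")
    if service_name and service_name.lower() in lowered:
        problems.append("contains the service name")
    # Drop digits and symbols so "Dragon2023!" is still recognised as a dictionary word.
    if re.sub(r"[^a-z]", "", lowered) in dictionary:
        problems.append("dictionary word padded with digits or symbols")
    return problems

def generate_password(service_name, length=16):
    """Generate a random password the way a password manager would, retrying until it passes."""
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, service_name):
            return candidate

if __name__ == "__main__":
    for pw in ("Summer2023!", "ExampleBank#2024x", "short1!A"):
        print(pw, "->", check_password(pw, "ExampleBank"))
    print(generate_password("ExampleBank"))
```

Note that "Summer2023!" satisfies every length and character-class rule and is still rejected, which is why the predictability checks matter alongside the complexity ones.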
Avoid ‘Remember My Password’ or Hint Options:
Try to skip the ‘remember my password’ option because newer web browsers are often susceptible to threats from hackers who may modify or circumvent the browser’s settings to access passwords. It’s also best to avoid storing passwords in digital documents or in the open.
Looking for assistance with Password Management for your business? GraVoc provides expert information security and technology services including Governance, Risk and Compliance (GRC) and IT Managed Services to businesses nationwide. Click below to learn more about our services and how we can help.