Whether they come to your organization as consumers or clients, students or patients, people expect you to keep their personally identifiable (and often highly sensitive) information safe. To meet this expectation, you might turn to cutting-edge encryption tools and pseudonymization methods. But countless organizations overlook the most obvious place to start when it comes to protecting data: passwords.
To help you take this pivotal first step toward optimal data security and to protect your organization from mistakes and breaches from within, here a few robust password guidelines you can follow.
Create and implement a password policy
Simply, a password policy is a set of rules outlining how your employees should approach creating and using their passwords.
To make your password policy as strong as possible, it should include password expectations. Establish clear criteria for your employees’ passwords, and make sure they follow those rules. To help you create your criteria, some password best practices include:
- Embracing long passwords—research shows that password complexity isn’t nearly as important as length
- Avoiding the use of personal information like addresses, nicknames, and important dates (no birthdays allowed!)
- Avoiding dictionary words
- Using passphrases instead of passwords (e.g. “NYG!antsAreTheB3st” instead of “GiantsFan1”)
- Encouraging uniqueness, even a little weirdness (the days when “password” and “12345” were acceptable choices are long behind us)
Once you’ve got your criteria nailed down, clearly outline for your employees how they should be using and protecting their passwords. Some handy rules to follow include:
- Avoiding writing down passwords
- Not changing passwords too frequently (a couple of times a year is usually fine, though you should change them immediately if you suspect a breach)
- Never sharing passwords, even if it’s with someone in your organization
- Never letting someone watch you enter your password
- Not using the same password for multiple applications or accounts
Educate your employees
In 2017, it was reported that roughly 90% of cyber breaches were the result of human influence, whether through error or intentional malicious behavior. One simple way to keep your company from becoming part of this statistic is through continual employee security training.
Be transparent with employees about your data protection policies. Let them know why these policies are in place and how they’ll help your organization thrive. Keep them updated about policy changes and emerging threats, and tell them what to watch out for. Encourage employees to take an active role in securing your company’s data by making the importance of data protection personal to them, and they’ll play a vital role in keeping your company safe and secure.
Adopt a password manager
Depending on the size of your organization’s digital network, your employees may have a substantial number of applications or accounts they need to access—and thus a lot of passwords to remember. Make things easier for them—and avoid problems associated with easy-to-remember but easily hackable passwords—by investing in a password manager.
Password managers are essentially encrypted vaults that store all your company’s passwords in a secure and centralized location. And since they can only be accessed with one master password, they provide an additional level of protection against human error. Some password managers let you sync them across networks and will calculate or create passwords for you instantaneously. Employees only have to remember a single password to access their password vault, so they’ll find it easier to stay secure.
Passwords are only the beginning
Implementing robust password guidelines is a crucial step in protecting your organization’s most sensitive data, but it’s just the beginning. To find out how eMazzanti can help you take data security and privacy to the next level, contact us today.