LogMeIn’s Chris Corde offers some helpful hints on choosing the right password strategy for your company
From Dropbox to Salesforce, cloud-based apps now house critical data for many UK businesses. But where cloud providers have developed their security to keep out more advanced threats, it’s the users themselves who are still leaving the door open to cybercriminals.
With so many passwords to manage in today’s digital working environment, it is not surprising that employees and their organisations begin to struggle and look to less secure ways of maintaining access to applications. Weak passwords like “123456” or “password” become popular replacements for more complex combinations of random characters and letters. To make matters worse, the same passwords are often used across all of the services in use and shared with colleagues to ensure they’re never locked out.
That’s bad enough when it comes to personal use, like your Facebook and Netflix accounts. But for business services the danger grows. All of your accounting files, confidential client data, business plans, privileged emails and credit card information can be exposed if a hacker chooses to target your business.
For the most part, employees are keen to do the right thing when it comes to security, but they are always going to be the weakest link in the chain, due to our atrocious password habits.
Here are some useful tips to help you deploy more apps to your organisation without compromising security.
1) Create unique, complex passwords for every account
Although patterns and personal touches make passwords easier to remember, stronger passwords can be achieved simply by adding numbers, letters, and symbols. Encourage people to make these changes and create unique passwords across every account, app, and device. This is the only way to keep your data secure.
2) Forget remembering – use a password manager
The root of the issue is often the number of account identities people are being asked to create and then manage in order to carry out day-to-day activities. The easiest way to have a separate password for everything is to use a password manager. Use a password vault to ease the burden of password management and encourage strong passwords that don’t have to be committed to memory.
3) Share accounts, not passwords
Even if you have introduced password protection measures, there are still some circumstances where employees need to be able to share passwords with one another. From granting access to subscribed services to checking emails, passwords are often distributed through insecure channels such as email and instant messaging.
Password vaults – specifically those that are designed for business and team use – encourage proper password hygiene and allow for centralised account management across various different applications. By allowing access to the specific account or application without bothering with passwords, these tools add convenience for end users and enable a much more streamlined process for administrators when someone joins or leaves the company.
4) Have a back-up plan
Steps 1-3 offer strong protection against your passwords being compromised, but what happens if they are cracked and a hacker takes the opportunity to exploit the vulnerability? In this instance, having another layer of defence is critical.
You can be sure your user accounts are secure by using multi-factor authentication. This requires something in addition to the user name and password to access an account, such as a code delivered directly to the user’s mobile. This ensures that if a password is stolen, a hacker still faces a second roadblock that prevents access to your data.
5) Teach and encourage common sense
The last and most obvious tip is to remind employees to use common sense when it comes to passwords. As simple as it sounds, it’s not one to take for granted. It’s the human element that forces us to default to a simple password because there are too many to remember. Research shows that only 1 percent of people use a password manager on a regular basis. Be sure to inform your employees of the risks and remind them to take that extra step to keep their passwords secure.
Securing your business doesn’t have to be a headache. By following these simple tips, your business will be that much more secure and you’ll be sure to get a good night’s sleep.
Chris Corde is director of products for LogMeIn.