Those inevitable moments when we forget our credentials, forcing us to jump through the hoops of secondary emails and reset requests, have trained the average user to keep things memorable: to keep that one password indefinitely and practically identically across all accounts. It's a false convenience, of course, and one which can compromise every one of those sensitive accounts if so much as one is hijacked.
Which is why your company needs a strict password policy, one that prioritises strong passwords and manages them consistently.
Here are five of the best password practices as your first line of defence against brute-force and password-guessing attacks.
Have better passwords
The word 'password' is fast becoming a misnomer: any password based on a dictionary word is typically the first to be broken. A policy that enforces a minimum length (12 characters or more is a sensible floor) together with a mix of upper case, symbols and numbers adds complexity without making passwords impossible to remember. Length matters more than the symbol count: a long passphrase of unrelated words resists guessing far better than a short word with a few substitutions. Keep it memorable, personal and not guessable from anything public about you. And if your staff are still using "password", "passw0rd" or "123456", have a stern word with them.
Change passwords regularly...
Don't just bolt the locks; change them on a regular basis.
If business credentials are stolen, the sticky-fingered culprits have all the time they need to use them for their own nefarious ends. A password policy that requires users to update theirs regularly puts cyber criminals on a strict time limit, giving them less time, and fewer opportunities, to cause chaos. Many organisations rotate every three months. Note, though, that current guidance (NIST SP 800-63B) puts the emphasis on forcing a change immediately when a compromise is suspected or a breach is disclosed, because frequent mandatory rotation tends to push users towards predictable variations of the old password, which is exactly what the next point warns against.
... and change them properly
A quick tip: swapping letters for look-alike numbers and symbols ('passw0rd', 'p@ssword') isn't as clever as it used to be; password-cracking tools apply those substitutions automatically from their rule sets. Your new password should be exactly that: new, a clean break from the last one that can't be guessed from your public profile or from private data that may already have been stolen.
Finally, don't allow users to create a new password as a sequel to the old one; incrementing a number on the end ('Winter2023!' to 'Winter2024!') defeats the objective, and attackers try precisely those variations first.
Blacklist known-bad passwords
When all else fails, simply give your users' worst passwords the boot. While cyber criminals use increasingly sophisticated methods to obtain password data, the cruder methods still work thanks to careless victims. Lazy passwords can be guessed with the wordlists every attacker carries, lists now running to hundreds of millions of entries thanks to breaches of customer data, and the same passwords keep showing up in them: more renowned, more frequent and more vulnerable each year.
A system that checks every new password against such a list, and keeps the list updated as new breaches are published, stops your users from shooting themselves in the foot.
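The three checks above (minimum strength, a blacklist of known-bad passwords, and rejecting 'sequels' of the previous password) fit naturally into one validation routine. The following is an added example written for this page, not Mirus' own tooling. The blocklist is a constructed handful of entries standing in for a real multi-million-entry breach list, the 12-character floor is an assumed policy value, and the leetspeak map covers the most common substitutions rather than every rule a cracking tool knows.

```python
import re
from typing import List, Optional

# Constructed sample blocklist. A real deployment would load a list of millions
# of leaked passwords (for example the Have I Been Pwned corpus) instead.
BLOCKLIST = {"password", "passw0rd", "123456", "qwerty", "letmein", "welcome"}

MIN_LENGTH = 12          # assumed policy floor; adjust to your own policy

# Look-alike substitutions that cracking tools already undo with their rules.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

CHARACTER_CLASSES = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")


def normalise(password: str) -> str:
    """Reduce a password to the 'base word' an attacker's rules would recover:
    lower-case it, strip any digits/symbols tacked on the end, undo leetspeak."""
    base = password.lower()
    base = re.sub(r"[\d\W_]+$", "", base)      # 'winter2024!' -> 'winter'
    return base.translate(LEET_MAP)            # 'passw0rd'    -> 'password'


def check_password(candidate: str, previous: Optional[str] = None) -> List[str]:
    """Return the list of policy violations for a proposed password
    (an empty list means it is acceptable)."""
    problems: List[str] = []

    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")

    classes_used = sum(bool(re.search(c, candidate)) for c in CHARACTER_CLASSES)
    if classes_used < 3:
        problems.append("low_complexity")

    # Check both the raw and the normalised form so 'P@ssw0rd1' is caught too.
    if candidate.lower() in BLOCKLIST or normalise(candidate) in BLOCKLIST:
        problems.append("blocklisted")

    # Reject 'sequels': same base word with a different suffix or substitutions.
    if previous is not None and normalise(candidate) == normalise(previous):
        problems.append("too_similar")

    return problems


if __name__ == "__main__":
    for old, new in [(None, "Passw0rd!"),
                     ("Winter2023!", "Winter2024!"),
                     ("Summer2023!", "correct horse battery staple 9!")]:
        print(f"{new!r} (previous {old!r}): {check_password(new, old) or 'OK'}")
```

Note that the similarity check needs the previous password in plain text, which is only available at the moment the user types it during a change flow; never store old passwords to make this comparison later. The normalised form is also what you should look up in the blocklist, otherwise 'P@ssw0rd1' sails past a list that only contains 'password'.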
Do the two-step
There's a very good reason Two-Step Verification is becoming an industry standard: with it, identity thieves need more than just a username and password to break into an account.
The beauty of Two-Step Verification is that it doesn't just check an account's credentials; it checks that the person logging in holds something only the real user should have. Via a personal device, Two-Step Verification confirms the logon attempt and produces a one-time code, which the account owner must enter before the logon succeeds. The best bit is that this code is everything we mentioned above: constantly changing, impractical to guess, and never one of the blacklisted values. One caveat: codes sent by SMS can be intercepted or redirected by SIM-swapping, and any code a user can type can be phished, so prefer an authenticator app or a hardware security key where you can. Coupled with a vigilant password policy, it's an essential component of your business' security.
Strict password policies don't need to be complex, simply a part of your everyday security scheme. Coupled with regular staff training and dedicated security technology, they help you stop attacks at the first hurdle.
A security solution from Mirus, along with our regular phishing and security training, can help keep your business protected.