How to secure your company's passwords

7 password habits hackers hope your company hasn’t adopted

There's some terrible password advice out there - like use one strong password everywhere. Don't do that. (Picture: Christiaan Colen, Flickr)

While many of the recent breaches like LinkedIn and Twitter have focused on the impact on consumers, rather than businesses, it doesn’t mean that companies can’t be the target, whether large or small. The reality: any data is valuable on the black market, and hackers are just itching to get their hands on yours. As a CEO, owner, or IT Manager at a company, you have a lot more at stake than just one consumer – so are you doing everything you can to protect the company from an attack?

When reviewing your company’s current list of vulnerabilities against hacking, one of the first things you should check off is your password habits. Reviewing these, and adding a few tools to your security toolbox, will help to make most hackers’ jobs more difficult – and you may even ward off an attack entirely.

1. Set up password strength requirements

This sounds like a given, but many companies still don’t enforce password strength requirements, which means their employees are using simple, insecure passwords. Or, they stop at telling employees what they should do, but don’t actually have a way to verify they are doing what they should be. As a company, you should require employees to create lengthy passwords including upper and lowercase letters, numbers, and characters. You can also block people from using their first or last name, the company name, or even ‘password’ in their passwords. But go beyond that, and give your employees tips such as using passphrases that don’t really make sense but are easy to remember.
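To show what verifying the rules (rather than just announcing them) can look like, here is an added example that is not part of the original article: a small Python check for the requirements listed above. The minimum length of 14, the reading of "characters" as symbols, and the undoing of common character substitutions before the banned-term check are assumptions of this sketch.

```python
import re

# Assumed value: the article asks for "lengthy" passwords without a number.
MIN_LENGTH = 14
BANNED_WORDS = {"password"}

# Common substitutions undone before the banned-term check (an assumption
# of this sketch), so that "P@ssw0rd" still counts as "password".
LEET = str.maketrans(
    {"@": "a", "4": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"}
)

# Character classes the article asks for; "symbol" is our reading of
# "characters".
REQUIRED_CLASSES = {
    "an uppercase letter": r"[A-Z]",
    "a lowercase letter": r"[a-z]",
    "a number": r"[0-9]",
    "a symbol": r"[^A-Za-z0-9]",
}


def normalize(text):
    """Lowercase, undo common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, first_name, last_name, company):
    """Return a sorted list of violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {label}")
    flat = normalize(password)
    for term in {first_name, last_name, company} | BANNED_WORDS:
        needle = normalize(term)
        # Skip very short names to avoid rejecting unrelated passwords.
        if len(needle) >= 3 and needle in flat:
            problems.append(f"contains banned term '{term.lower()}'")
    return sorted(problems)


if __name__ == "__main__":
    # Constructed sample inputs for a hypothetical employee at "Acme".
    for candidate in ("P@ssw0rd2024!!xx", "purple-Stapler-7-orbits"):
        print(candidate, check_password(candidate, "Dana", "Lee", "Acme"))
```

A check like this belongs wherever passwords are set or changed, so a weak choice is rejected at that moment instead of being discovered later.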

2. Require password changes

Password reuse is one of the biggest reasons that accounts are getting hacked these days. Require your employees to change critical passwords – computer, email, important data access – every few months or so, and especially after there has been any suspicious activity or known security issue.

3. Have a password manager (and actually use it!)

With all of these requirements and unique passwords, it’s very hard to practice good password habits without some help. That’s where a password manager comes in. A password manager helps you store all of your passwords in one secure place. But most importantly, you have to update your passwords so that each one is strong and unique so it can protect your accounts the way you need it to.

4. Establish levels of access

For those accounts with the company’s most sensitive information, such as server credentials and SSH keys – called privileged accounts – you need to take even more care to protect against threats. The first step is to ensure that not everyone has access to them. Only delegate access to those who truly need it, and regularly re-evaluate if those people still need it.

5. Automatically rotate passwords

Once an employee accesses one of these privileged accounts, it’s possible they’ll know the password. To keep the account truly protected, you’ll want to change the password after each time that it’s accessed. With business-focused password managers, this can be done automatically and without hassle to end users or IT admins.

6. Review activity reports

Monitor activity on all company databases, especially activity on privileged accounts, with reports that include data on which account was accessed, by which user and when. If there is a problem, you’ll know about it and will be able to identify who was accessing the account at that specific time.
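As an added illustration (not from the original article), the Python sketch below builds that kind of report from an access log, answers "who was using this account at that time", and checks each access against the delegation list from habit 4. The log format, account names, user names and delegation list are all constructed for the example.

```python
import csv
import io
from datetime import datetime

# Constructed sample of a privileged-account access log (not real data).
SAMPLE_LOG = """timestamp,user,account
2024-03-04T09:12:00,alice,db-root
2024-03-04T09:40:00,bob,db-root
2024-03-04T22:05:00,carol,ssh-deploy
2024-03-05T02:17:00,bob,ssh-deploy
"""

# Hypothetical delegation list: who may use each privileged account.
AUTHORIZED = {"db-root": {"alice"}, "ssh-deploy": {"carol", "bob"}}


def load_events(text):
    """Parse the CSV log into dicts with real datetime timestamps."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        events.append(row)
    return sorted(events, key=lambda e: e["timestamp"])


def access_report(events):
    """Which account was accessed, by which user, and when."""
    report = {}
    for e in events:
        entry = (e["user"], e["timestamp"].isoformat())
        report.setdefault(e["account"], []).append(entry)
    return report


def who_accessed(events, account, start, end):
    """Users who touched one account inside a time window."""
    return [
        e["user"]
        for e in events
        if e["account"] == account and start <= e["timestamp"] <= end
    ]


def unauthorized(events, authorized):
    """Accesses by users who are not on the account's delegation list."""
    return [
        (e["account"], e["user"], e["timestamp"].isoformat())
        for e in events
        if e["user"] not in authorized.get(e["account"], set())
    ]


if __name__ == "__main__":
    log = load_events(SAMPLE_LOG)
    print(access_report(log))
    print(unauthorized(log, AUTHORIZED))
```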

7. Educate employees

Your company is only as strong as your least-informed, most insecure employee. Your IT department could be following all of the practices above, but that means nothing if your employees aren’t following good practices as well. Educate employees on what it means to have secure passwords, and on how to use a password manager to help them put those best practices into action. This means not only creating strong passwords, but also not sharing them with co-workers or others, using a password manager to store passwords, changing passwords often, and using unique passwords for every single account.

While it takes time to implement these changes, the security and productivity benefits you’ll experience across the organisation more than compensate for the initial investment.

Daniel Cran, Managing Director APAC, LogMeIn

PC World