How to secure your company's passwords

7 password habits hackers hope your company hasn’t adopted

There's some terrible password advice out there - like use one strong password everywhere. Don't do that. (Picture: Christiaan Colen, Flickr)


While coverage of many recent breaches, such as LinkedIn and Twitter, has focused on the impact on consumers rather than businesses, that doesn’t mean companies, large or small, can’t be the target. The reality: any data is valuable on the black market, and hackers are just itching to get their hands on yours. As a CEO, owner, or IT Manager at a company, you have a lot more at stake than just one consumer – so are you doing everything you can to protect the company from an attack?

When reviewing your company’s current list of vulnerabilities against hacking, one of the first things you should check off is your password habits. Reviewing these, and adding a few tools to your security toolbox, will help to make most hackers’ jobs more difficult – and you may even ward off an attack entirely.

1. Set up password strength requirements

This sounds like a given, but many companies still don’t enforce password strength requirements, which means their employees are using simple, insecure passwords. Or they stop at telling employees what they should do, without having a way to verify that employees are actually doing it. As a company, you should require employees to create lengthy passwords including upper and lowercase letters, numbers, and special characters. You can also block people from using their first or last name, the company name, or even ‘password’ in their passwords. But go beyond that, and give your employees tips such as using passphrases that don’t really make sense but are easy to remember.
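One way to verify these requirements rather than only announce them, as an added example that is not part of the original article: a checker that returns every rule a candidate password breaks. The 12-character minimum, the function name and the sample names are assumptions; the article only says "lengthy".

```python
import re

MIN_LENGTH = 12  # assumed value; the article only asks for "lengthy" passwords


def _squash(text):
    """Lowercase and drop separators so 'Acme-Corp' and 'acmecorp' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def policy_violations(password, first_name, last_name, company):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    # Blocked terms from the article: the user's names, the company name, 'password'.
    banned = [
        ("first name", first_name),
        ("last name", last_name),
        ("company name", company),
        ("'password'", "password"),
    ]
    squashed = _squash(password)
    for label, term in banned:
        needle = _squash(term)
        # Skip very short names (e.g. "Li") that would match by accident.
        if len(needle) >= 3 and needle in squashed:
            problems.append(f"contains {label}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs for a hypothetical employee Jane Doe at Acme.
    for candidate in ["Summer2024!", "JaneDoe#Acme2024", "Purple-otter-juggles-9-lamps"]:
        print(candidate, "->", policy_violations(candidate, "Jane", "Doe", "Acme") or "ok")
```

Run at password-set time, on the plaintext before it is hashed, so the result can be shown to the employee as specific feedback.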

2. Require password changes

Password reuse is one of the biggest reasons that accounts are getting hacked these days. Require your employees to change critical passwords – computer, email, important data access – every few months or so, and especially after there has been any suspicious activity or known security issue.

3. Have a password manager (and actually use it!)

With all of these requirements and unique passwords, it’s very hard to practice good password habits without some help. That’s where a password manager comes in. A password manager helps you store all of your passwords in one secure place. But most importantly, you have to update your passwords so that each one is strong and unique; only then can the password manager protect your accounts the way you need it to.

4. Establish levels of access

For those accounts with the company’s most sensitive information, such as server credentials and SSH keys – called privileged accounts – you need to take even more care to protect against threats. The first step is to ensure that not everyone has access to them. Only delegate access to those who truly need it, and regularly re-evaluate if those people still need it.

5. Automatically rotate passwords

Once an employee accesses one of these privileged accounts, it’s possible they’ll know the password. To keep the account truly protected, you’ll want to change the password after each time that it’s accessed. With business-focused password managers, this can be done automatically and without hassle to end users or IT admins.

6. Review activity reports

Monitor activity on all company databases, especially on privileged accounts, with reports that include data on which account was accessed, by which user and when. If there is a problem, you’ll know about it and will be able to identify who was accessing the account at that specific time.
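The report described here, combined with the rotate-after-access rule from habit 5, as an added example that is not part of the original article. The event format, account names, user names and function names are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (time, privileged account, user, action)
EVENTS = [
    ("2024-03-01T09:00", "db-root", "alice", "access"),
    ("2024-03-01T09:05", "db-root", "vault", "rotate"),
    ("2024-03-01T11:30", "ssh-prod", "bob", "access"),
    ("2024-03-01T14:10", "db-root", "carol", "access"),
    ("2024-03-01T14:12", "db-root", "vault", "rotate"),
    ("2024-03-02T08:45", "ssh-prod", "alice", "access"),
]


def parse(events):
    """Convert timestamps to datetime objects and sort events by time."""
    return sorted((datetime.fromisoformat(t), acct, user, action)
                  for t, acct, user, action in events)


def activity_report(events):
    """Per account: which user accessed it and when."""
    report = defaultdict(list)
    for when, acct, user, action in parse(events):
        if action == "access":
            report[acct].append((user, when.isoformat(timespec="minutes")))
    return dict(report)


def accesses_without_rotation(events):
    """Accesses not followed by a rotation before the next access or the end of the log."""
    pending = {}   # account -> access still waiting for a rotation
    findings = []
    for when, acct, user, action in parse(events):
        if action == "rotate":
            pending.pop(acct, None)
        elif action == "access":
            if acct in pending:
                findings.append(pending[acct])
            pending[acct] = (acct, user, when.isoformat(timespec="minutes"))
    return sorted(findings + list(pending.values()), key=lambda f: f[2])


def who_accessed(events, account, start, end):
    """Users who accessed `account` between start and end (ISO strings, inclusive)."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return [user for when, acct, user, action in parse(events)
            if acct == account and action == "access" and lo <= when <= hi]
```

In the sample data, `ssh-prod` is accessed twice with no rotation in between, so both accesses are flagged while every `db-root` access is cleared by its rotation.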

7. Educate employees

Your company is only as strong as your least-informed, most insecure employee. Your IT department could be following all of the practices above, but that means nothing if your employees aren’t following good practices as well. Educate employees on what it means to have secure passwords, and on how to use a password manager to help them put those best practices into action. This means not only creating strong passwords, but also not sharing them with co-workers or others, using a password manager to store passwords, changing passwords often, and using unique passwords for every single account.

While it takes time to implement these changes, the security and productivity benefits you’ll experience across the organisation more than compensate for the initial investment.

Daniel Cran, Managing Director APAC, LogMeIn


PC World