One of the most important aspects of security and data governance is establishing and enforcing a strong password policy. In 2012, LinkedIn had 6.5 million password hashes leaked (stored as unsalted SHA-1, most of them were cracked within days) and eHarmony lost another 1.5 million. If 2014 has taught us anything, it’s that attackers are getting better and the threat of data theft is growing.
Sony Pictures was forced to cancel the release of “The Interview” after attackers released a massive amount of sensitive material and emails from its network. Industry experts estimate the decision to shelve the comedy cost Sony $100 million. That’s just the visible tip of the iceberg. McAfee estimates the annual impact of cyber crime on the global economy at over $400 billion.
Billion.
A strong password policy has never been more critical to business continuity and the protection of digital assets. It’s important to remember that a breach of a personal account belonging to one of your network users also represents a serious risk to their corporate logins, because reused or near-identical passwords let an attacker walk from one into the other. Fortunately, there are several easy ways to reduce that risk by strengthening user passwords.
Here are ten tips to help you do just that:
1. Create a Strong Password
Simply creating a strong password is the easiest way to stop an attacker from getting inside. A minimum password strength can be expressed by the 8 + 4 rule: the password has at least 8 characters and contains at least one upper case letter, one lower case letter, one number and one special character.
Here’s an example of a password following the 8 + 4 rule:
l3M0nT@rt
Note that even this example is just “lemon tart” with predictable substitutions, and cracking rule sets undo exactly those substitutions before a dictionary lookup. Treat the 8 + 4 rule as a floor, not a measure of strength: length matters more than character classes, and a long passphrase of unrelated words beats a short word with a few symbols swapped in. The more random, the better. Many users attempt to use simple patterns to create a “random” password, but it only appears random; sequences and keyboard walks sit at the top of every cracking wordlist. A password like this is a welcome mat:
ABC123abc
2. No Personal Information
It’s surprising how many users incorporate personal information into their password to help them remember it. Security specialists who examined the leaked LinkedIn passwords found that a surprising number were simply the user’s first name followed by their birth year, both of which an attacker can read straight off a public profile. For example:
mike1982
3. Create Unique Passwords for Each Account
This is a particularly dangerous scenario. If your users reuse the same password across accounts, a breach of any one of them hands the attacker personal email, work email, network logins, Facebook and even bank accounts; attackers replay leaked credentials against other services as a matter of routine. Research polls estimate that about 25% of people use a single password for all of their accounts.
4. Never Write Them Down
Using a separate password for each account can get extremely tricky, because the average online user has 26 different accounts that require passwords, and people 35 and younger average closer to 40.
Despite the difficulty of remembering all of these passwords, your users must never write them down on paper left at their desk or keep them in a plain text file or spreadsheet on their computer; a file named passwords.docx is the first thing an intruder or a piece of malware looks for. The practical way to hold dozens of unique passwords is a password manager, which keeps its vault encrypted under a single strong master passphrase.
5. Change Passwords Frequently
Experts suggest that the longest your users should keep any password is six months or less. The ideal timeframe is closer to three months, particularly for accounts that have critical functionality (such as bank accounts). Two caveats: a password must be changed immediately, not at the next scheduled date, when compromise is suspected or a service announces a breach, and rotation on a calendar tends to produce predictable increments (Password1, Password2) that cracking tools try first, which is why newer guidance such as NIST SP 800-63B no longer recommends routine expiry on its own.
6. Beef Up Computer Security
If the end user’s computer has spyware or viruses, it doesn’t matter how diligently their passwords are maintained: a keylogger captures the strongest password the moment it is typed. Every computer on the network, including home computers that are used to access the network remotely, must run enterprise-level endpoint protection and be kept patched.
7. Use a Password Checker
There are reputable companies that offer free password checkers. Microsoft offers a password checker online, and Apple has its Password Assistant built into the operating system. One caution: never type a password you intend to keep into a remote website, however reputable, since you cannot verify what it logs. Prefer a checker that runs locally or entirely in the browser, or test a candidate of the same shape rather than the real password.
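The following is an added example, not code from the original article or from any DataGravity product, of a password checker that runs locally and never sends the password anywhere. It applies the 8 + 4 rule from tip 1, undoes the letter-for-symbol substitutions that make l3M0nT@rt look random, flags sequences such as ABC123abc, and flags a first name or birth year as in tip 2. The word list, the leet table and the keyboard rows are constructed for the example; a deployment would load a breached-password list from disk.

```python
"""Local password-policy checker. Added example; not part of the
original article or any product it mentions."""
import re

# Constructed mini word list. A real deployment would load a large
# breached-password list; the point is that the lookup runs offline.
COMMON_WORDS = {
    "password", "welcome", "letmein", "monkey", "dragon", "football",
    "qwerty", "summer", "lemon", "tart", "lemontart",
}

# Substitutions that cracking rule sets undo before a dictionary lookup,
# so "l3M0nT@rt" is compared as "lemontart".
LEET = str.maketrans("013457@$!", "oleastasi")

# Rows checked for keyboard walks such as "qwe" or "asd".
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def composition_failures(pw):
    """The 8 + 4 rule: at least 8 characters and one of each class."""
    checks = {
        "too_short": len(pw) >= 8,
        "no_upper": re.search(r"[A-Z]", pw) is not None,
        "no_lower": re.search(r"[a-z]", pw) is not None,
        "no_digit": re.search(r"[0-9]", pw) is not None,
        "no_special": re.search(r"[^A-Za-z0-9]", pw) is not None,
    }
    return [code for code, ok in checks.items() if not ok]


def has_sequence(pw):
    """Three stepwise characters (abc, 321) or a keyboard walk (qwe)."""
    low = pw.lower()
    for i in range(len(low) - 2):
        a, b, c = (ord(ch) for ch in low[i:i + 3])
        if b - a == c - b and abs(b - a) == 1:
            return True
        tri = low[i:i + 3]
        if any(tri in row or tri in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def dictionary_hit(pw):
    """Return the dictionary word found in the plain or de-leeted
    spelling (letters only), or None."""
    low = pw.lower()
    candidates = {
        re.sub(r"[^a-z]", "", low),
        re.sub(r"[^a-z]", "", low.translate(LEET)),
    }
    for word in sorted(COMMON_WORDS, key=len, reverse=True):
        if len(word) >= 4 and any(word in cand for cand in candidates):
            return word
    return None


def personal_info_hit(pw, first_name="", birth_year=None):
    """True if the password contains the user's first name or birth year
    (four-digit or two-digit form)."""
    low = pw.lower()
    if first_name and len(first_name) >= 3 and first_name.lower() in low:
        return True
    if birth_year is not None:
        year = str(birth_year)
        if year in pw or year[-2:] in pw:
            return True
    return False


def evaluate(pw, first_name="", birth_year=None):
    """Map each finding code to an explanation; an empty dict means the
    password passes every check."""
    findings = {code: "fails the 8 + 4 rule" for code in composition_failures(pw)}
    if has_sequence(pw):
        findings["sequence"] = "contains a stepwise or keyboard sequence"
    word = dictionary_hit(pw)
    if word:
        findings["dictionary"] = f"contains '{word}' once substitutions are undone"
    if personal_info_hit(pw, first_name, birth_year):
        findings["personal"] = "contains the user's name or birth year"
    return findings


if __name__ == "__main__":
    samples = [
        ("l3M0nT@rt", {}),
        ("ABC123abc", {}),
        ("mike1982", {"first_name": "Mike", "birth_year": 1982}),
        ("Gr8!Wombat-Kayak", {}),
    ]
    for candidate, who in samples:
        print(candidate, evaluate(candidate, **who) or "OK")
```

Run as a script it reports that l3M0nT@rt passes the 8 + 4 rule but is still a dictionary phrase, that ABC123abc is a sequence with no special character, and that mike1982 is built from the user's own profile; the longer Gr8!Wombat-Kayak passes. The name and year are passed in explicitly because an enrolment form knows them; a real deployment would pull them from the directory.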
8. Never Share
Sharing a password, particularly over a digital channel (chat, email, private message boards), is a big no-no. Network users should understand that emails (even internal emails) should be treated like a postcard: anyone handling them along the way can read them.
Not even the internal help desk needs a user’s password. If an account has to be recovered, the help desk resets it and issues a temporary password that the user must change at first login. If a password is ever disclosed to anyone, for whatever reason, it should be changed immediately afterwards.
9. ‘Remember Password’ Setting
A lot of internet browsers offer to remember passwords for the convenience of their users. This is a major security risk, particularly for laptops. The saved credentials live on disk, so if the laptop is stolen and the initial OS login can be circumvented (or the drive is simply pulled and read on another machine), all of the user’s accounts are open for intrusion. Full-disk encryption and a master password on the browser’s store reduce the exposure, but the simplest policy is to turn the feature off, which is quick to do in Chrome, Firefox and IE.
10. Protect Everything
Almost every device you have can connect, communicate, and browse the internet or the network, and a phone that syncs corporate mail holds the same credentials as a PC. That’s why it is essential that the same data governance and security protocols implemented for PCs are also enforced for laptops, tablets and smart phones.
Master Security with DataGravity
The security of a data network can best be described as the hull of a submarine. If one little patch starts to leak, it spells big trouble for the entire vessel. Password protection is just one of those patches, but it’s an important one, because it is among the most frequently attacked. It doesn’t help that getting your entire organization on the same page when it comes to password security can be a challenge.
Fortunately, there are tools that can make enforcing a password policy much easier. The Discovery Series from DataGravity is one such tool.
One of the great benefits of the Discovery Series is the enhanced oversight it gives network administrators in ensuring that security protocols and data governance rules are followed by end users. For example, if a network user has a file named passwords.docx in their personal drive, DataGravity can automatically flag it as a potential security risk. That’s just one example of what the Discovery Series is capable of when it comes to data governance and security.
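To make the passwords.docx check concrete, here is an added example of the detection logic behind such a flag. It is illustrative code written for this page, not DataGravity’s implementation, and it goes beyond the single file name in the text: it flags files whose name suggests a credential store and, for plain-text files, lines that look like a labelled password. The sample file tree and its contents are constructed for the example; the regular expressions are assumptions about what a credential file typically looks like.

```python
"""Flag files that look like plaintext credential stores on a user's
personal drive. Added example, not DataGravity's code."""
import os
import re

# File names that suggest a credential store (passwords.docx, secrets.yaml).
NAME_PATTERN = re.compile(r"(password|passwd|pwd|credential|secret)", re.I)

# Lines of the form "vpn password: x" or "DB_PASSWORD=x". Bytes pattern so
# it can run over raw file contents without guessing an encoding.
CONTENT_PATTERN = re.compile(
    rb"^\s*[\w .-]*(password|passwd|pwd|pass)\s*[:=]\s*\S+", re.I | re.M
)


def looks_binary(data):
    """Cheap binary test: a NUL byte in the first KiB. Office files such as
    .docx are zip containers, so their text is never scanned here; a real
    tool would unpack them, this example relies on the name match instead."""
    return b"\x00" in data[:1024]


def scan_files(files):
    """files maps path -> bytes content. Returns [(path, reason), ...] where
    reason is 'filename' or 'content'."""
    findings = []
    for path, data in files.items():
        if NAME_PATTERN.search(os.path.basename(path)):
            findings.append((path, "filename"))
            continue
        if looks_binary(data):
            continue
        if CONTENT_PATTERN.search(data):
            findings.append((path, "content"))
    return findings


def scan_directory(root, max_bytes=1_000_000):
    """Walk a real directory tree and feed the same logic. Reads at most
    max_bytes per file so a large archive cannot stall the scan."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    files[path] = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return scan_files(files)


# Constructed sample tree standing in for a user's personal drive.
SAMPLE_FILES = {
    "home/mike/passwords.docx": b"PK\x03\x04" + b"\x00" * 16,
    "home/mike/notes.txt": b"Meeting at 3pm\nvpn password: Tr0ub4dor\n",
    "home/mike/.env": b"DB_PASSWORD=hunter2\nPORT=5432\n",
    "home/mike/budget.csv": b"item,cost\nlaptop,1200\n",
    "home/mike/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 8 + b"password: x",
}


if __name__ == "__main__":
    for path, reason in scan_files(SAMPLE_FILES):
        print(f"{reason:8} {path}")
```

The name match catches the .docx even though its contents are opaque, the content match catches the note and the .env file, and the binary check keeps the JPEG (which happens to contain the bytes "password:") out of the report. Point `scan_directory` at a real share to run the same rules over actual files.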
Contact us today for more information on how we can improve the performance and security of your network using platforms like the Discovery Series.