You don’t need to be involved in the SolarWinds and Russian hacking incident to need to know how to have a safe password. Every person and every business needs to understand password security, know how to make the best possible and strongest password AND how to remember where/what they are.
There is nothing worse than making a password and setting up a username for an account only to have forgotten it when you need to use it, right? As IT professionals, we know. We have heard every story, been faced with locked out clients and have cringed when simple passwords were used to “secure” sensitive information.
Keep in mind that the SolarWinds hack was caused because someone had used the password “solarwinds123” as the safeguard to information used and stored by thousands of users. This hack — which truly didn’t take the Russians much more than walking through an open door — should have opened everyone’s eyes to the importance of protocols in your business.
How To Have A Safe Password
You don’t need to be a government entity or a large service provider like SolarWinds to require strong log-ins for access to your company information. You do need to have protocols in place and there must be consequences if those protocols aren’t adhered to by ALL your staff and vendors.
Here is a back to basics primer.
- Use a password manager. Invest in one and have your employees and vendors use it. With a password manager, you can also share log-in information without having to share your actual password. Give each staff member his or her own password manager and require them to use it. Make certain they set up a long, difficult password for their password manager login.
- Determine what your company protocols will be. Will you require a specific length? The longer the better. Will you require upper and lower case letters? Symbols? Numbers? Once you have those protocols in place, all employees will be required to adhere to them in order to access company servers and information.
- What are the consequences for a staffer who bypasses the protocols you have in place? You need to let individuals know that if there is a hack that is traced back to them they will not only lose their jobs but could potentially face prosecution (talk with your company lawyer about that!)
- Never write passwords down on paper. It is simple to grab a piece of paper or jot the password down in an address book under “p” for passwords. While the Russian hackers weren’t on-site to look for passwords, if you have people who share workstations and if one of those people writes his or her password down and sticks it to the underside of the computer keyboard… how hard will it be for a hack to occur?
- Don’t share passwords across social media platforms. You may think giving someone your user name and password through Facebook or a Zoom chat or even through email is safe — it’s not. Even if the email is deleted, there is still a record. Also, how do you know the person to whom you’re sending the email will delete it? If you share your password on social media and the person who is receiving it is hacked, your password and user name are now compromised.
Take time to review your company’s password protocols. Get back to basics. Reach out to our IT professionals, we can help you put a plan together. In the meantime, grab our Password Tips here.
WareGeeks Solutions is a Roselle, New Jersey-based complete IT consultant and solutions provider. We specialize in 360 Protect Data Now managed services, Data Protection, Business Continuity and Disaster Recovery (#BCDR). We work with law firms, real estate and property management professionals and in the healthcare industry. If you have IT or security questions contact Seth at WareGeeks Solutions. For information or a consultation, call (877) 653-7146, or email us at firstname.lastname@example.org. www.waregeeks.com