Your team members may think that their passwords are relatively secure, but it can take only one compromised password to bring down an entire company’s system.
That’s why it is so important to educate and regularly remind employees to change their passwords frequently and use other password protection tactics.
Here, we’ll go through the importance of password protection. Then, we’ll explain how to protect your passwords in seven simple steps and how a managed services provider (MSP) can help keep your business data safe and secure.
Why Is Password Protection So Important for Businesses?
Even though the Department of Homeland Security announced protection against cyberattacks as “one of the top priorities,” hackers are no longer attacking only confidential databases of governmental agencies and public companies.
Nowadays, cybercriminals are increasingly targeting small and medium-sized businesses and – specifically – their employees working from home.
Why? Because home Wi-Fi networks and personal devices that many people use for work make easier targets for cyberattacks. And, as you may have guessed, using weak passwords for various accounts equals leaving the office doors open for thieves to walk in.
Weak passwords can lead to data breaches, phishing scams, ransomware attacks and other forms of cyberattacks or financial fraud.
So cybersecurity – and password protection in particular – should be one of the top priorities for small and medium-sized companies.
7 Simple Ways to Protect Your Passwords
You and your team members can protect your passwords and keep your data safe using these seven steps.
1. Avoid Common Passwords
Avoiding common passwords may sound obvious, but the simplest (and weakest) passwords are actually the most common.
According to NordPass, some of the most commonly used passwords in 2020 were:
- 123456 (used 2,543,285 times)
- 123456789 (used 961,435 times)
- password (used 360,467 times)
- 111111 (used 230,507 times)
- 123123 (used 189,327 times)
- abc123 (used 151,804 times)
- 123qwe (used 40,431 times)
For all these passwords (and many more), it takes hackers less than a second to crack them.
Other key points to avoid in passwords include:
- A single plain word (e.g., admin, master, work, password, business, user, etc.)
- Simple patterns (e.g., qwerty, john123, mary111, 000jack000, 121212, etc.)
- Easily identifiable personal data (e.g., date of birth, phone number, address, etc.)
2. Create a Strong Password
Instead of using “123456” or anything similar, come up with a strong and unique password for each of your accounts.
A strong password typically includes:
- A minimum of 12 characters, but preferably 30+
- Letters, numbers, symbols and special characters
- A complicated pattern that is frequently changed
Another tactic is to swap certain letters for numbers to make a password stronger: for example, 0 (zero) instead of the letter O, 5 instead of S and 1 instead of I. You can use this pattern, but try not to use it too often because it has become somewhat typical.
Instead of a classic password, you can also use a passphrase, which is a sequence of random words. It can be easier to remember but harder for hackers to crack.
For example, a passphrase could be “machine sweater cake active summer before comedy chaos easy tea awakens bird.”
Passphrases are often used as a recovery key or as additional security for controlled access to sensitive data.
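The checks from steps 1 and 2, combined into one screening function. This is an added example in Python, not code from the original article: the deny list holds only the passwords and words quoted above, and the function name `screen_password`, the four-word passphrase threshold and the sample inputs are assumptions made for illustration.

```python
import re

# Deny list built from the passwords and plain words quoted on this page.
COMMON = {"123456", "123456789", "password", "111111", "123123", "abc123",
          "123qwe", "qwerty", "admin", "master", "work", "business", "user"}
# Reverse the digit-for-letter swaps the page mentions (0 for O, 5 for S, 1 for I).
UNLEET = str.maketrans("051", "osi")
MIN_LENGTH = 12        # minimum length given on the page
PASSPHRASE_WORDS = 4   # assumption: this many words counts as a passphrase


def screen_password(candidate, personal_data=()):
    """Return the reasons a candidate is rejected; an empty list means it passes."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    # Check the raw form and the form with digit swaps undone.
    if lowered in COMMON or lowered.translate(UNLEET) in COMMON:
        problems.append("common password or plain word")
    # One short unit repeated to fill the string, e.g. 121212 or 111111.
    if re.fullmatch(r"(.{1,4})\1+", lowered):
        problems.append("repeated pattern")
    # A single word wrapped in digits, e.g. john123 or 000jack000.
    if re.fullmatch(r"\d*[a-z]+\d+|\d+[a-z]+\d*", lowered):
        problems.append("word plus digits")
    # Personal data supplied by the caller (birth date, phone number, ...).
    if any(item and item.lower() in lowered for item in personal_data):
        problems.append("contains personal data")
    # Passphrases are exempt from the character-mix rule.
    is_passphrase = len(candidate.split()) >= PASSPHRASE_WORDS
    classes = (r"[A-Za-z]", r"\d", r"[^A-Za-z\d\s]")
    if not is_passphrase and not all(re.search(c, candidate) for c in classes):
        problems.append("needs letters, numbers and symbols")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("123456", "Pa55w0rd", "000jack000",
                   "machine sweater cake active", "t7#Lq9!vZx2@Rm"):
        print(repr(sample), "->", screen_password(sample) or "ok")
```

Note that "Pa55w0rd" is rejected as a common password once the digit swaps are undone, which is why the substitution tactic adds little on its own.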
3. Add Another Layer of Protection
Two-factor authentication (2FA) is one of the best ways to additionally protect passwords and secure corporate data.
You can apply it to each of the business applications your employees use, especially if they access work accounts from personal desktops, laptops or mobile devices while working from home.
Two-factor authentication may include:
- A verification code sent by email, SMS or another channel
- A new password randomly generated each time someone logs in
- An access link sent via email each time someone wants to log in
- An answer to a specific, typically personal question
For even more security, you can use multi-factor authentication that combines more than two steps of verification before granting access.
4. Change Your Passwords Frequently
Passwords shouldn’t be set in stone once you create them. Using the same password for several years may increase the risk of having your profiles hacked.
The best practice is to change passwords every three to six months.
If it would help you memorize your passwords more easily, you can come up with a complex pattern that can transform a phrase into a strong password. The pattern could help you use letters, numbers and characters in a specific way.
If you choose this tactic, remember to also change the pattern frequently.
5. Use Different Passwords for Different Accounts
It may be easier to use the same password for different applications (including, for example, Gmail, Slack, PayPal, Facebook, Skype for Business, Zoom, online bank account and others), but it can make your online presence much more vulnerable.
The same passwords represent a weak point. If any of your accounts get hacked, cybercriminals could then easily enter all your personal and professional accounts within seconds.
To avoid such a scenario, create unique, strong passwords for each different account, personal and professional.
6. Use a Password Manager
Businesses around the world are using more cloud-based applications at work, especially after transitioning to a remote working mode due to the pandemic.
In fact, more than 10% of businesses use over 200 apps. This means their employees have to manage 200 different passwords. Even if this number was 20, 50 or 100, it would still be a lot of passwords to keep track of.
In this case, consider using a password manager — an application that will keep your passwords safe and secure in one place.
Now, you may think:
“Why should I keep track of all of those passwords when I can simply check the ‘Remember me’ box on each of the accounts and never type in the password again?”
You could do that, but we strongly advise you not to. This only makes it easier for hackers to make their way into your profiles. Plus, the risk of a data breach, damage or theft would multiply if all of your team members were doing the same.
7. Keep the Software Updated
For every piece of software that you use – from the main operating system to specific mobile and web apps – every now and then you’ll receive a notification about an update you need to install.
The key advice here is: Don’t ignore update notifications.
Keep in mind that almost every new update will contain security-related fixes. So, the longer you ignore it, the lower your system security will be.
Although this may not be directly tied to password protection, it is an important step in the overall matter of cybersecurity for your business.
How to Help Your Remote Team Stay Alert and Use a High Level of Password Protection
Since many small and medium companies shifted to a remote-first model practically overnight in 2020, a “window of opportunity” has opened for hackers.
Help your team members become aware of the cybersecurity risks.
Some of the most common types of cyberattacks and financial frauds that may target your employees’ accounts include (but are not limited to):
- Phishing scams
- Identity theft
- Ransomware attacks
- Business email compromise
Of course, high-privilege accounts, such as that of a system administrator, or the accounts of employees who have access to the company’s finances, should be protected at an even higher level.
That’s why educating your employees and keeping everyone on the same page regarding the importance of password protection could help you prevent major business disasters.
Keep cybersecurity news and updates among the important notes for your employees.
Engage your IT staff or a managed security provider to help you, whether you choose to document important notes as part of your internal communications, present them during an onboarding phase for new employees or emphasize them during cybersecurity training for your staff.
How Can a Managed IT Security Provider Help You Keep Your Data Safe?
Besides the fact that a dedicated team of cybersecurity experts can run regular cybersecurity training for your staff, a managed cybersecurity provider can also help you:
- Identify risks and vulnerabilities
- Strengthen passwords for accounts
- Test and scan your emails for phishing scams
- Keep your system updated at all times
- Enable secure access to an office network
- Manage and monitor all access points
- Troubleshoot and fix any occurring issues
- Prevent threats and keep your data secure
Remember, it could take only one compromised password to put sensitive corporate data at risk.
Key Takeaways on Password Protection with the Help of Managed Security Services
As already mentioned, it’s very important to educate your employees about cybersecurity risks and make sure they’re aware of the importance of creating and managing strong passwords, especially for work accounts they access via a home desktop computer or a personal laptop.
Using unique passwords, two-factor authentication and other password protection tactics for each account will help your employees create a stronger barrier for unauthorized access to sensitive data.
The best practice is to apply a proactive IT security approach to your business.
Depending on your business size and current system and networks, you may hire in-house IT specialists or hire a managed security services provider to help you create a strategy tailored to your needs. This will help you efficiently assess risks, detect vulnerabilities and protect your data.