You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are careless with passwords.
- Change Passwords – Some security experts recommend that companies change out all passwords every 30 to 90 days. Some systems require it. A good password manager can help you keep track.
- Require passwords that mix uppercase and lowercase letters, a number, and a symbol.
- Teach employees NOT to use standard dictionary words (in any language) or personal data that can be known or stolen: addresses, telephone numbers, SSNs, etc.
- Emphasize that employees should not access anything using another employee’s login. To save time or for convenience, employees may leave systems and screens open and let others use them, so that one person doesn’t have to log out and the next doesn’t have to log back in. Make a policy regarding this and enforce it. If you see this happening, make sure the employees involved are aware of it.
- Good passwords are critical and should be protected with multi-factor authentication everywhere.
These are just a few basic password rules, but they can make a difference.
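The composition, dictionary-word, and personal-data rules above can be enforced when a password is set. The following is an added example, not code from the original page; `check_password`, `SAMPLE_WORDS`, and the `personal_data` parameter are hypothetical names, and the word list is a small constructed sample.

```python
# Constructed sample word list (assumption); a real deployment would load a
# large multi-language dictionary instead of these few entries.
SAMPLE_WORDS = {"password", "welcome", "dragon", "sommer", "bonjour", "contraseña"}

# Common character substitutions, undone before the dictionary check so that
# "P@ssw0rd" is still recognized as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def _alnum(text):
    """Lowercase the text and keep only letters and digits."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def check_password(password, personal_data=(), words=SAMPLE_WORDS, min_token=4):
    """Return a list of rule violations; an empty list means the password passes.

    personal_data is a sequence of (label, value) pairs, for example
    ("phone", "555-0100"); values are matched with punctuation removed.
    """
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() and not c.isspace() for c in password),
    }
    problems = [f"missing {name}" for name, ok in classes.items() if not ok]

    # Dictionary check on the raw form and on the de-substituted form.
    raw = password.lower()
    plain = raw.translate(LEET)
    for word in sorted(words):
        if len(word) >= min_token and (word in raw or word in plain):
            problems.append(f"contains dictionary word: {word}")

    # Personal-data check: "555-0100" must also match "5550100".
    squashed = _alnum(password)
    for label, value in personal_data:
        token = _alnum(value)
        if len(token) >= min_token and token in squashed:
            problems.append(f"contains personal data: {label}")
    return problems
```

A password such as `P@ssw0rd2024!` satisfies all four character-class rules yet is still rejected, because the substitution table reduces it to a dictionary word.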