6 min read
Predictive And Prescriptive Analytics Alert Software
Predictive and prescriptive analytics software have become invaluable business tools in today’s data-driven workplace environment. They offer a range...
The issue of employee passwords is often a challenging one for businesses around the world but can’t be ignored.
According to a report from Verizon, around 81% of hacking breaches experienced by companies are caused by weak or stolen passwords.
Maintaining password policy best practices in your company is essential to help mitigate the risks.
Table of contents
The importance of password security in the workplace
What is a corporate password policy?
10 password policy best practices to implement in your organization
How to communicate your corporate password policy
Employee failure to comply with its best-practice corporate password policy can lead to many major issues for companies, including:
The report found that 31% use their child’s name or birthday, 34% use their spouse or partner’s name or birthday, 37% use the name of their employer, and 44% reuse passwords associated with both work-related and personal accounts.
The Keeper Security report also found when it comes to enterprise password security, employees aren’t as security conscious as they should be.
Some 57% of employees say they write passwords down on sticky notes, 55% save passwords on their phones, 51% save passwords on their computers, and 49% save passwords to the Cloud. And 62% share their passwords insecurely with unauthorized parties!
The COVID-19 pandemic and the increase of employees working remotely some or all of the time has been exploited by cybercriminals, with password exploitation one of the major challenges during this time.This highlights the need for organizations to have strong corporate password policy.
The costs are enormous – according to IBM the average cost of a breach of credentials to a company is around $3.92 million.
A corporate password policy is a set of rules that an organization has about passwords that are used to access systems and data that generally incorporates best practice industry standards to ensure employee credentials cannot be easily compromised.
Free download
Having a strong corporate password policy in place ensures that your systems and data are as secure as possible. We’ve created a corporate password policy example you can download and use to guide your own business.
Having a strong company password policy in place is one of the first lines of defense your organization has in its fight against cybercrime. Protecting passwords is a fast and easy way to enhance cybersecurity in the workplace.
If your company currently doesn’t have a corporate password policy, it’s time you developed one. And if you do have one already, you should review it to make sure it is up to the task of helping to protect employees against modern cyber threats and update it accordingly.
Some of the best organization password policy recommendations include:
It’s strongly encouraged that people use unique passwords for every account that they create. Unfortunately, this isn’t always the case when it comes to managing passwords.
A Google Online Security survey found that 52% of people use the same passwords across all accounts.
If a password is breached on one platform, that puts the user at risk of being breached everywhere.
More than 555 million passwords have been published on the dark web since late 2017, which shows the extent of the problem.
With computers becoming more powerful with higher processing speeds, brute-force attacks where hackers test endless combinations of characters until they find the correct password, have been more and more effective. Your company password policy should require that long and complex passwords are used to access your systems - this is one of the most secure practices when creating passwords
According to Scientific American, a 12 character password is 62 trillion times more difficult for cybercriminals to crack than a 6 character one. And the strongest password is a 16 character one derived from a set of 200 characters.
To ensure security, passwords should be used once only. Reusing passwords is problematic if a password has ever been compromised in the past.
Some experts believe if you have difficult, unique passwords then you don’t need to change them unless compromised. Others believe you should change the password several times a year.
Traditional requirements to change passwords every 30, 60, 90 days have the effect of creating weaknesses in the system, not strengths.
People are less likely to use long and complex passwords if they have to remember a new one every few months. They’re also more likely to write them down or store them somewhere where third parties can access them.
As cybercrime is constantly evolving and becoming more and more sophisticated, it’s important that your education and awareness campaigns also evolve. Password hygiene education shouldn’t just be a one-time thing: you need to continually remind employees about secure password management and let them know when new threats emerge.
>> Download 6 free cybersecurity email samples <<
Because password combinations of complex lower and uppercase characters, special symbols and numbers can be difficult to remember, you don’t want people writing them down or storing them somewhere insecure. A password management system can help. Password manager best practice is implementing software systems that work by storing all the passwords you use and rely on one strong master password to keep them all secure.
Many systems lock accounts when there have been a sufficient number of failed login attempts reached. Often the threshold is quite low and will only seek to frustrate users – particularly if they have legitimately forgotten their long and complex password.
This type of negative experience for the user can lead them to use more easily compromised passwords in the future. So while you shouldn’t get rid of the threshold altogether, you should make it a more reasonable amount of attempts, such as ten, before people are locked out of their accounts.
Passwords need to be confidential in order to be effective in guarding sensitive information. Therefore, employees should be prohibited from sharing their passwords with anyone – even colleagues. This is one of the most important best practices for password management. It’s important that the reasons for this are clearly outlined in your corporate password policy.
It’s a lot harder to compromise a password if there is a two-factor authentication requirement attached to it. By adding the second factor – such as an SMS being sent to a device with a one-time code that needs to be included in order to proceed – it is much more difficult for hackers to gain access to systems unless they have also managed to steal the device where the authentication is sent.
According to Microsoft, users who have multiple-factor authentication on their accounts are able to block 99.9% of automated attacks.
According to the World Economic Forum (WEF), the COVID-19 pandemic has strengthened the case for organizations to ditch passwords completely.
New technologies such as biometrics, device attributes and behavioral analytics can help to validate someone’s identity without the need to type in a password. The WEF says that going “passwordless” will greatly boost security in companies and eliminate the risk of compromised credentials.
It’s important to communicate your company password policy in a variety of ways to ensure that the information reaches your employees. Messages sent multiple times in different formats are more easily retained.
Consider the following methods when communicating about password security in the workplace:
Passwords for many organizations are the only thing standing between their precious data and criminals having access to it. Keeping abreast of best practices to ensure cybersecurity, the recommendations for creating and maintaining passwords and having a strong company password policy can help to minimize the risk of harm.
Some of the password storage best practice policies that companies use include:
The recommended best practices for corporate password policy include:
A password security policy is a set of rules that dictate the ways passwords must be created in your organization in order to prevent your systems from being compromised and your data stolen. It prevents your users from choosing weak passwords that can be cracked easily.
Having a strong password policy in place in your organization will help to protect your systems and data from a range of different outsider threats and attacks. It will keep you ahead of hackers and bots that have been designed to guess passwords.
Send urgent notifications to any corporate devices: PCs, phones, tablets, etc.
The high visibility combined with our 100% delivery rate guarantee. Bypass information overload. Deliver key information even if the computer is on screensaver mode, locked or sleeping.
6 min read
Predictive and prescriptive analytics software have become invaluable business tools in today’s data-driven workplace environment. They offer a range...
7 min read
Your business is unique. What works for another business may not be the right fit for yours. When you invest in alert software in your business,...
8 min read
When you have important information to send and time is of the essence, you need an internal communications channel that will allow the majority of...