Today’s technology gives companies access to infinite data. They can pay bills as well as invoicing customers, and manage all financial records and banking online. Everything, from an announcement for the next team meeting to highly classified information, can be organized and filed both on-premise and in the cloud for efficient access by all pertinent parties. With this incredible advantage comes an intense need for extreme security for companies. In addition to company info, many employees use one device for both business and personal - keeping massive parts of their lives alongside professional company information and therefore, adding another layer to security issues. Even the strongest security suffers corruption by unprotected passwords. Passing on words – if it can be found in a dictionary, don’t use it – for passwords is only the first step. Establish these password do’s and don’ts for every employee.
Do’s for every employee:
- Create passwords with 12-16 characters. Include uppercase and lowercase letters, numbers, and symbols. Use combinations that don’t “tie” to user information.
- Employ two-step authentication as often as possible.
- Select three – five master passwords; store remaining passwords in an encrypted plain text file.
- Change passwords on the first day of every quarter.
- Change password immediately if there is even the slightest possibility of being compromised and report all suspicious activity to the IT team.
- Keep passwords private – refuse to share them with anyone outside the system’s administrator - including team members or personal connections.
- Lock all devices – including phones – when leaving them in the office (even for a quick trip to the restroom).
- Be mindful of privacy when entering passwords.
- Use wisdom when browsing, clicking links, etc. Be constantly on alert for phishing.
- Use online paste and screen-capture tools carefully – ensure that passwords are not uploaded to the cloud.
- Only use devices which are protected with anti-virus/anti-malware software, for professional work – at the office and remotely.
- Report lost or stolen equipment immediately.
Don’ts for every employee:
- Use the same password for multiple important accounts.
- Store passwords on a piece of paper or other easily accessible document (yes – this is a common error).
- Store passwords on web browsers.
- Allow others to use your login ID or password.
- Enter your password in eyesight of others.
- Provide information such as login IDs, passwords, social security numbers, account numbers, etc. via unencrypted email
- Leave any device unattended while in a public place.
- Open an email or attachments from a questionable or unknown sender.
- Install unauthorized programs on your work (or home) computer
- Plug in unapproved personal devices.
- Use the names of families, friends, pets, nicknames, postcodes, house numbers, phone numbers, birthdates, ID card numbers, or any other personal facts, which are easily accessible via social media.
- Use any dictionary word in your passwords.
- Use fingerprints – they cannot be changed, but unfortunately, they can be cloned.
- Log in to important accounts on unapproved devices or when connected to public Wi-Fi or a free VPN
As an employer, it is your responsibility to ensure company and customer security. In addition to insisting on the above guidelines, immediately remove any user account either when it becomes unnecessary (a project is completed) or when the user leaves the company. Ensure that all access is appropriate for the employee’s role – don’t offer access beyond what is necessary for him/her to complete assigned work.
Your IT Manager will play a crucial role in establishing and enforcing password and other security. Whether you are seeking a direct-hire placement or contracting IT assistance, hiring both skill and integrity is crucial. At Cynergies Solutions, we take your IT security seriously. We have developed a unique reputation in the IT industry as a firm that attracts, hires and retains the best and brightest IT professionals. Contact us today for IT talent that understands security.