WHAT EVERY BUSINESS SHOULD KNOW ABOUT PASSWORD PROTECTION
73 percent of Americans have experienced some sort of cyber crime and nearly a quarter of all cyber crimes go unsolved. Many small business owners mistakenly believe that they aren’t big enough to need to worry about password protection. But that’s the same as thinking you shouldn’t lock your business at night because it’s not big enough to attract vandals and thieves. The truth is that many crimes happen because the criminal sees an opportunity and takes it. Every time you use a weak password, you’re presenting an opportunity.
Whether it’s from a dishonest employee, a disgruntled competitor, or a hacker millions of miles away, your passwords should protect you from intrusion. But if you’re not taking your passwords seriously, you’re putting yourself and your business at risk. As the owner, you must understand what constitutes strong password protection and teach it to your employees.
# 1. The easier a password is to remember, the easier it is to hack.
If your only requirement for passwords is that they be easy to remember, you’re going about this all wrong. Choosing an easy to remember password like your child’s name or your birth date makes it easy for anyone who knows a little bit about you to get into your accounts. With the popularity of social networking sites, it’s possible for a determined stalker to find out more information than ever.
Instead, require your workers to use passwords that contain a combination of capital letters, lowercase letters, numbers, and symbols. In fact, the best method is to just distribute a new password to your workers. This way you can be sure that the security of your entire company isn’t hinged on whether someone can guess the name of your CFO’s cat.
# 2. Forcing users to update their passwords frequently is a must.
Forcing your employees to choose strong passwords is just a start. You should also force your users to choose a new password frequently. This way, if someone gets their hands on one of your workers’ passwords, it’s good only for a limited amount of time. Many business software programs allow you to automatically require password changes every few weeks. If available, enable this option for better password security. The frequency is up to you but make sure it’s at least several times a year.
# 3. Move to HTTPS ASAP.
When you log into sites, you may notice that the URL in your browser suddenly starts with an “HTTPS” instead of an “HTTP.” That’s because those sites are using secure protocols to take your information. This helps defend against certain types of cyber attacks. Most professional software doesn’t even give you a choice. But when given the choice, always choose to require HTTPS for your Internet logins.
# 4. Enable passwords on everything.
Passwords can’t protect anything if they aren’t enabled in the first place. This may not be a problem with company specific software because it usually comes with a required password. However, things like screensavers on computers may not. And don’t forget your mobile devices. You may think it’s convenient to disable screensaver passwords on your phone or tablet, but that’s even more convenient for someone trying to invade your privacy. Require all employees of your company to keep passwords on any equipment used to access company files or that may contain any information related to your business.
# 5. Disable the save password option.
Not only should you enable passwords everywhere, you must make sure your devices aren’t giving away the passwords for you. Many computer operating systems and Internet browsers allow you to save your password so you don’t have to enter it each time you go to a certain program or websites. If it’s a business computer, disable that option wherever possible. All an intruder has to do is boot up the desktop or run off with the laptop to have access to your information. It’s much safer to just type the password every time.
# 6. Keep information about passwords locked up tight.
As the owner, you have a right to know every password of every employee in your company. But where you store that information has to be as secure as the passwords themselves. You can save passwords in programs like LastPass or DataVault to keep them away from prying eyes.
You could also just go old school with a hard copy of the passwords. If you do that, the hard copy must be in a secure location, like a safe. In fact, use the same security precautions you would use for your money. Limit access so in the event of an issue you have a short list of people who may be responsible. Your business passwords can be some of the most valuable information you have and you should treat them that way.