Kentucky Association of Counties

Implement policies and procedures enforcing strong passwords

By Travis Bearden, Knights Technologies Cyber Security President

Why is it so important to have strong passwords when protecting your online accounts, network logins and digital footprint?

User accounts store a mountain of information, more than most people realize. Online accounts may contain credit card information, personal health information, banking data, and the list goes on and on.

Network accounts host information that is critical to your organization’s everyday business. Social media accounts and online backups like Google Drive and iCloud store personal information. Most people would cringe at the thought that a hacker had free rein over the photos and videos in their iCloud.

Strong passwords can minimize the threat of unauthorized access to your work and personal accounts. Here are some threat-minimizing guidelines to reduce your risk of being hacked:

Complexity: A complex password should be at least 12 characters long and include a combination of the following:

  • uppercase letters (A-Z)
  • lowercase letters (a-z)
  • numbers (0-9)
  • special characters (e.g., !, @, #, $, %, ^, *)

Avoid common words and phrases: Never use common words or sequential numbers (e.g., “123456,” “password,” “asdf,” “abcd1234,” “password1”). Another option is to use a password generator to create a random password.

Different password for each account: Never use the same password across all accounts. Once the “bad guys” access one account, they will try the same password on all your other accounts. Change your passwords often to reduce your risk of exposure.

Multi-factor authentication (MFA): MFA has become a standard utility across online platforms and a requirement for most insurance providers and regulatory bodies. MFA requires a password plus additional verification such as a code or biometrics.

Never share passwords and monitor access: Never send your password via email. Never share your password. Keep a close eye on unusual access to accounts. Set up alerts to inform you if someone accesses your account from an unfamiliar device.

Educate: Educate employees and end users on the importance of password security. Share information about phishing and social engineering as much as possible. Enroll your employees in phishing training programs. Include information about social engineering in company newsletters. Check out https://kaco.org/insurance/loss-control-services/cybersecurity-toolkit/ for free education material.

Always implement policies and procedures that enforce strong passwords. Use password enforcement within your systems to help protect employee and customer information. The cost of a data breach is much more than the slight inconvenience of a complex password.
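One way a system could enforce the complexity and common-password guidelines above, as an added example that is not part of the original article. The function names, the keyboard-row sequences and the four-character run length are assumptions, and the blocklist holds only the passwords the article names.

```python
import secrets
import string

MIN_LENGTH = 12
SPECIALS = "!@#$%^*"  # the special characters listed in the article
# Passwords named in the article; a real deployment would load a larger blocklist.
COMMON = {"123456", "password", "asdf", "abcd1234", "password1"}
# Sequences whose runs count as "sequential" (the keyboard rows are an assumption).
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop", "asdfghjkl")


def has_sequential_run(password, run=4):
    """True if `run` consecutive characters follow one of SEQUENCES, forward or reversed."""
    lowered = password.lower()
    return any(s[i:i + run] in lowered
               for seq in SEQUENCES for s in (seq, seq[::-1])
               for i in range(len(s) - run + 1))


def check_password(password):
    """Return a list of guideline violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    lowered = password.lower()
    if any(word in lowered for word in COMMON):
        problems.append("contains a common password")
    if has_sequential_run(password):
        problems.append("contains a sequential run")
    return problems


def generate_password(length=16):
    """Draw random passwords from the OS CSPRNG until one meets every guideline."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

Call `check_password` when an account password is set or changed, and reject the change while the returned list is non-empty.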
