Page 64 - Cyber Warnings

Make 2017 the Year of the Employee Password Audit

By Anita Sathe - General Manager, CoverHound & CyberPolicy



The New Year is the perfect time for reflecting, organizing and setting goals. Whether you’re
looking to learn a new language, working to rid your home of clutter or hoping to lose a
few pounds, it feels good to start fresh and improve your quality of life as a new year
rolls in.

Businesses can also benefit from initiating various forms of self-improvement. In fact,
these first few months of 2017 are the perfect time for companies of all sizes and
industries to take a step back and carefully evaluate a component vital for business
health and security: employee passwords.


It’s an unfortunate reality, but even non-malicious, well-intentioned employees can cause
serious harm to businesses. No matter how much your company spends on cybercrime
prevention or how many cybersecurity professionals you may employ, all it takes is one
employee to introduce a security weakness (such as a weak password) and your entire security
chain can come crumbling down.

To protect the security of your business and prevent hackers from penetrating your network,
make a resolution to “clean house” this year and conduct a company-wide password audit. In
particular, be sure to outline the following three best practices with your employees:

1. Use different passwords for different accounts.


It’s tempting to use the same password for any and all accounts, mostly because it’s just easier to
remember one single password! However, when employees reuse the same password for their
work and personal email, for instance, or for their LinkedIn and Google Drive accounts, a
serious security risk is introduced: if just one of those accounts is ever hacked, the
employee’s password can serve as an easy and all-encompassing entry point for fraudsters.
Make sure your employees understand the gravity of reusing passwords across all of their
personal, work and social media accounts, and confirm that in 2017 they’re using only unique
passwords for each of their accounts.


2. Implement two-factor authentication.

Two-factor authentication, or 2FA, adds an extra step to basic log-in procedures, and it’s crucial
for individuals and businesses alike. Without 2FA, employees can enter their username and
password and they’re done; with 2FA, however, they’re required to have access to two out of
three types of credentials (including their password) before being able to access an account.
Those three types of credentials include the following:


64 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
