Why Passwords (Still) Matter

Subscribe to Our Blog

The greatest asset your company owns and manages is data. Customer, distribution and sales data is critical to your future. There are many ways to protect your assets. Still, the most straightforward protocols to implement can get overlooked. 

Does your company have a robust password protocol (or policy) in place? If not, you have opened your company data to cybercrime. And the hack may come from the inside.

Companies that have been hacked in the last 18 months say half these incidents were an inside job, according to the 2019 Global Data Exposure Report, a survey by data protection firm Code42 of 1,600 information security leaders and business decision makers.- CNBC

5 ways to protect your corporate data

MainSpring is a technology services provider in Maryland, D.C. and Virginia. Many company and government agency employees in our region are still working from home. IT teams, HR departments, and business leaders are re-writing company policies to keep pace with the changing environment. We suggest the following 5 ways to protect your corporate data:

  1. Encryption
  2. Anti-malware protection
  3. Operating system updates
  4. Secure log-In through a VPN
  5. Ongoing employee security training

In addition to these 5 ways to protect your corporate data, a robust password protocol should remain at the top of your security checklist. Whether a threat from within or outside of your firewall, a passcode protocol is your first line of defense.

Why passwords matter

Recently, I wrote a blog titled Security First. As you evaluate your current password program, you may also want to review this companion blog.

In this blog, I will examine ways to strengthen a password and add a second layer of security with secondary authentication or 2FA and password software applications.

As employees remain as a Work from Home (WFH) workforce, the threats to company data expand. It is not only the person a few cubes down the hall that should worry you, but also the person that lives in your neighborhood. Whose eyes are on your data? 

The best password

A robust password program starts with the actual password. Security starts with the password picked by your employees. During security training, ensure that the below 5 tips are conveyed:

  1. Never use personal information as a password.
  2. Do not include real words in your password.
  3. Always include special characters.
  4. Try to create a password that consists of 10 characters.
  5. Change the password often and use a different password for each account.

Use two-factor authentication

Today, it is not adequate to just use an employee-generated password. Consider deploying a second layer of security with 2FA or two-factor authentication. What is two-factor authentication, and how does it work?  

Two-step authentication or dual-factor authentication takes a single-step process (using a password) and adds a second step or layer of security. To view data or use a software application, the user must successfully complete both steps.

A password is one factor. Adding a second factor can include using a security token, an ID card, a mobile device, or even a fingerprint. Many of you experience multi-factor authentication today when you receive text message codes from activating or re-using an alccount from you TV or utilities provider, or your credit card company.  

One step passwords are based on knowledge. Knowledge can be hacked. Security Tokens, ID Cards, and mobile devices depend on the possession of the item. Biometrics such as fingerprints, eye scans, or voice recognition score high on a robust 2FA program.

Why use a password manager?

If you are like me, you use multiple software applications and email platforms every day. As the first line of defense against hackers, I use a unique password for each. Also, to remain secure, I avoid keeping a list of my passwords. I don’t know about you, but I cannot remember multiple 10 character passwords. My day is too hectic. Instead, I use a password manager.

A password manager allows users to manage complex passwords. It stores passwords in an encrypted database, or it generates a new password on demand.

Recently, MainSpring became an integrator for LastPass.

LastPass for Business “simply and securely connects employees to work…From authentication to access to passwords, LastPass manages every entry point to your business so you can mitigate risk.”

Remember to restructure your password protocol, add two-step authentication, and also consider using a password manager.

MainSpring, Inc is a technology integrator in the DMV region. How can we help you and your organization?