No matter how small your business, you need a clearly defined password policy. Passwords are often your first, but not only, line of defence against unauthorised access. So how can you make sure that your passwords are protected?
Cyber security specialists from FSB Cyber Security explain what a password policy should include and share five reasons why you need a password policy in your business.
What is a password policy?
A business password policy is a set of rules that you and your team follow to increase cyber security and reduce the risk of the bad guys getting access to your systems. A password policy will contain details about:
how often passwords should be updated
where they should be stored (e.g. in a password manager)
the requirements for password complexity
acceptable use
best practices
You might choose to add your password policy to your staff handbook so that everyone in your organisation is aware of the correct procedures to follow. The National Centre for Cyber Security has further guidance on secure password strategies you can implement.
So, why is having a password policy for your business so important?
Whether it’s your business’ social media channels, email accounts or customer information, keeping your digital assets safe protects your reputation and your bottom line.
It protects you against cyber-attacks and data breaches
Safeguarding your business’ data and customer details is of paramount importance and there are countless consequences that a cyber-attack or data breach can have - financially, professionally and legally.
A password policy that works to prevent repeat passwords being used across multiple accounts and platforms can help to make you less of a target for cybercrime.
It helps to prevent unauthorised access
You know who has access to your safe or business premises, but who has access to certain business accounts? How do you control their access to the account details?
Using a password manager means you can see at a glance who in your team has access to different accounts, or what accounts you have that are related to your business. Many also have a feature where you can authorise someone else to use the password without seeing it, thereby stopping the password from being inadvertently leaked.
It makes sure your procedures are followed consistently
It’s key that the advice within your policy is followed consistently, from the top down, throughout the entire organisation, in order to minimise any weak links.
This can have a wider impact on your reputation in the eyes of customers and clients, as you can show you’re prioritising security and their data privacy - especially if you’re handling confidential information.
It encourages two-factor authentication and extra security
Using two-factor authentication adds an extra layer of protection to an account. It also blocks log-in attempts from new or unknown locations, even if the password entered is correct, and will ask you to verify your access with a code. This is done through an authenticator app, or a text or call to a trusted number linked to the account.
A password manager promotes extra security by helping to prevent users sharing passwords between accounts. Using the same passwords and log-in details across multiple platforms or websites can lead to security issues if just one account is compromised or part of a data breach. Cyber criminals will then attempt to access other accounts using the same details; this is a very effective technique for the bad guys.
It keeps your team informed
Cyber security can seem daunting, but if your team understands the processes to follow and knows what’s expected of them, it can help employees to be aware of cyber threats in both their day-to-day role and their personal lives.
As employees come and go in your business, you might be concerned about data leaving your business. You can check in the settings of most accounts to see which devices are currently linked, revoke their access remotely and remove any unauthorised devices.