5 tips to increase your business’ password security
Posted on 8 February 2023 by Beaming Support
When it comes to cyber security, your business can only be as strong as its weakest link. This means that ensuring all the passwords used in your organization are strong enough is the responsibility of business owners and employees alike. Read on for Beaming’s top tips on increasing your password security.
Tip #1: Use 3 random words
A good password needs to be complex enough to be secure, but not so complex that you are unable to remember it. That’s why the NCSC recommends using three random words to strike the balance between strength and memorability. For example, beachglasskitten combines three words that you’ll be able to picture and remember, without having an obvious link to you. Don’t be tempted to use significant dates (like birthdays) or names of family members or pets – most of these would be found easily through a quick search of a social media profile.
Interestingly, the NCSC also advises that swapping letters for numbers (an O to a 0, for example), doesn’t significantly increase the strength of your password – it will, however, make it easier for you to forget!
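The following is an added example, not code from Beaming or the NCSC, showing Tip #1 in practice: it draws three words with a cryptographically secure random source and compares the strength gained from a fourth word with the strength gained from letter-to-number swaps. The word list is a small constructed sample, and the swap table, the 7776-word list size and the one-bit-per-swappable-letter bound are assumptions of this example.

```python
import math
import secrets

# Constructed sample list for illustration only; a real generator would load
# a list of several thousand words so that each word carries more entropy.
SAMPLE_WORDS = ["beach", "glass", "kitten", "planet", "marble", "candle",
                "river", "tunnel", "orchid", "hammer", "saddle", "window"]

# Assumed table of the common letter-to-digit swaps (O to 0 and similar).
SWAPS = {"o": "0", "i": "1", "e": "3", "a": "4", "s": "5"}


def generate_passphrase(words, count=3):
    """Join `count` words drawn independently with the OS CSPRNG."""
    unique = sorted(set(words))
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    return "".join(secrets.choice(unique) for _ in range(count))


def passphrase_bits(wordlist_size, count=3):
    """Entropy in bits of `count` uniform, independent picks from the list."""
    return count * math.log2(wordlist_size)


def swap_bonus_bits(passphrase):
    """Upper bound on bits gained from letter-to-digit swaps.

    Assumes the swap table is known to the guesser, so each swappable
    letter is at most one yes/no choice (1 bit). Swapping every letter
    the same way, as people usually do, adds about 1 bit in total.
    """
    return sum(1 for ch in passphrase.lower() if ch in SWAPS)


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    print("sample passphrase:", phrase)
    # 7776 is the size of a Diceware-style list (an assumption of this example).
    print("3 words from 7776: %.1f bits" % passphrase_bits(7776, 3))
    print("4 words from 7776: %.1f bits" % passphrase_bits(7776, 4))
    print("swap bonus for 'beachglasskitten': at most %d bits"
          % swap_bonus_bits("beachglasskitten"))
```

Under these assumptions a fourth random word adds more strength than every possible swap in the example passphrase combined, and it is easier to remember.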
Tip #2: Ensure separation of work and home passwords
Reusing the same password across multiple websites is already bad practice – but an employee using the same password(s) for business purposes that they use for personal log ins puts your data at risk. Their existing passwords are more likely to be weaker, and shared across multiple sites – meaning if one website is hacked, those log in credentials will be visible to hackers who could use that information to target your business. Make sure all employees understand why unique passwords matter, and explain the consequences of not using them.
Tip #3: Consider using a password manager
Password overload, or password fatigue, is one of the main reasons why people develop bad habits – such as using easy-to-guess passwords, or reusing them across multiple websites.
A password manager is an application that stores all of your passwords in one place, secured by a master password that’s used to encrypt the rest of the database. This enables you to generate multiple strong, unique passwords whilst only remembering one. Learn more in our Business Guide to Password Managers.
Tip #4: Have clear standards on passwords & regular reminders
Don’t leave any uncertainty in your employees’ minds when it comes to password security. Have a clear set of rules that all employees are aware of, and ensure password security is a staple in your regular data security training.
Tip #5: Require multifactor authentication
Even unique passwords, using three random words, can only do so much. We recommend adding an additional layer of protection. Multifactor authentication, also called two-factor authentication, requires two (or more) methods to verify that a log-in attempt is coming from you before allowing access to an account. The two factors usually involve something you know – such as your password, and something you have – such as a mobile phone. You’ll likely have seen this in practice when logging in to social media sites from a new device, when you are prompted to enter a code that has been sent to your phone before you are able to log in for the first time. This second layer of protection makes it more difficult for attackers to access your device (although not impossible, due to the use of two-factor authentication scams).
As with all cyber security matters, the more proactive you are, the more secure your business will be. Ensure all of your employees undertake regular cyber security training, and create a culture within your business of transparency surrounding cyber security matters.
Learn more in our cybersecurity resource hub.