Passwords are like keys to locks. If you don’t have the key, you don’t open the lock. What if everyone had keys that could open any lock? Your security, email, identity, and business data would be at risk.

The list of 25 WORST PASSORDS FOR 2015 was released recently. Take a look. Do you use any of these? I have to admit that I’ve been tempted to use starwars as a password myself, I’ve resisted. Many weren’t as diligent.

Password security takes dedication and a true commitment to the cause. Check out my post on password security 101 to see the basics of how to keep your information secure.

How can you manage password security within your organization?

There’s a saying in the cyber security realm:

 “There are 2 kinds of businesses – those who have been hacked and those who will be.”

Technology is as essential as air. You need it. Your business can’t live without it. Luxuries are now necessities. Smartphones are your pace makers. Tablets replace desktops. Lighter. Mobile. Easier to use.

The term cloud isn’t new any longer. You’re likely connected to the cloud now. In fact, your neighbor is, too. So are your competitors or other would-be intruders. The opportunities for unwanted visitors snooping around your business critical data increase. The need to stay vigilant with password security has never been so important for your business.

All these CLOUD connections bring options for mobile devices (tables, smartphones, etc.) as they get smaller, faster, and easier to use from anywhere. Here again we mix business with ease of use. Buzz words like BYOD – Bring Your Own Device change the landscape of password security management as MDM – Mobile Device Management become more and more a necessity for your remote staff.

3 vulnerabilities that can happen to your business when password policies aren’t enforced

• Data Breach. We constantly hear about the big companies getting hacked – Verizon, Target, Home Depot. Lack of password management often-times is the entry point for breaches where information is actually taken. Companies incur great expenses to recover, if they recover at all.
• Ex-employees now work for a competitor – did you remember to disable their access to their contacts, email, client information?
• Complete loss of data – viruses, malware, phishing scams, and simply guessing your password is “password” allow the possibility of losing data. Forever. Statistics for recovering from this type of loss don’t look very encouraging for small businesses.

Businesses can take a strong stance against weak passwords. Strengthen your staff and sharpen your saw.

7 Best Practices for Small Business Password Management:

• Provide Education. Develop a curriculum for your staff. Make it part of any new hire’s orientation process. Review it on a regular basis with everyone. Remind folks of your policies, what to do if they are unsure or who to ask for clarification. Explain why they should care, what it means to them, and how they can take this approach for their own online identities. If you engage and empower your employees, they can become your greatest defense against outside threats.
• Set a policy for passwords. Look into automating the enforcement of password management. Most systems allow for creating rules based on password age, how long you can use the same password, character length, use of special characters, and can even prevent using the same password over and over again.
• Create an employee termination process. No matter the reason, once an employee is no longer an employee, access to corporate data needs to be shut off. Create a checklist of what passwords need to be changed, what data access needs adjusted, and what physical devices need to be collected. Voicemail passwords, key cards, vpn, and smartphones all can provide back door access to a disgruntled ex-employee.
• Mobile Device management. Smartphones and tables are more and more powerful with every release. In many instances, it’s now possible to replace your bulky yet powerful desktop workstation with a small, lightweight, and incredibly portable tablet. Access to information anytime, anywhere makes those type of devices highly desireable to not only your staff but to would-be hackers. Take the steps necessary to investigate MDM – mobile device management. If a smartphone is lost or stolen you can remove data, change passwords, and prevent unwanted software from being installed.
• Keep your technology up-to-date. New security vulnerabilities are being discovered all of the time. Patches, updates, new firmware versions all offer a remedy for that security hole that just opened up. When a system become end of life and out of date. The expense to upgrade can be far less than the expense to recover from a breach. Allow your IT support team the time necessary to patch your servers, switches, firewalls, etc. You may not be able to check email or access the internet for an hour during the night, but that is far more desireable than being unable to conduct business for 3 days due to a breach.
• Consider a 2^nd form of authentication. Passwords aren’t the only form of authentication available any longer. Two Factor Authentication has been around for awhile now. Look into scenarios where you physically have a device and combine that with something you know. Bio-metric scanners are allowing the something you have not turn into something you lose!
• Involve your IT managed services provider. By all means. Work with your trusted IT managed services provider or department for all of this. They can explain the cause/effect of any situation. They will be the ones to help write policies, put those policies into effect, change passwords, manage mobile devices, and keep your technology current. Work with them to understand your risks and your rewards when it comes to strong password management.

Businesses rely more and more on technology to conduct every aspect of their core. Faster, easier, more convenient devices make accessibility any time, any place a reality.

Cloud computing puts an increasing number of companies in the fast lane. Always on, always available services increase your opportunities to advance your business. These same resources that can give you a competitive advantage must also be protected.

With every increase in possibility for growth comes another possibility for a data breach. As a business owner, you can empower yourself and your staff to avoid complacency and remain steadfast in the movement to provide strong password management.

About MotherG

MotherG is an IT managed services provider closely monitoring our client’s technology, proactively preventing problems while helping them maximize profit and minimize cost. We are the trusted IT Managed Services partner that expertly manages all the important areas of your technology. Computers, servers, IT network, security, backups, cloud and hosted solutions, mobile devices, phones, etc. All of this from experts in the core areas of your technology. We’re friendly, caring and smart. See how we make it happen. 

Author information:

Joe Tricker is the VP of Service Delivery at MotherG. You can find Joe on Google+ and LinkedIn.