password protection cyber security

As part of our cyber security guides based on NCSC (National Cyber Security Centre) advice, today we look at password protection.

PASSWORD PROTECTION

Your laptops, computers, tablets and smartphones will contain a lot of your own business-critical data, the personal information of your customers, and also details of the online accounts that you access. It is essential that this data is available to you, but not available to unauthorised users.

Passwords, when implemented correctly, are a free, easy and effective way to prevent unauthorised users accessing your devices.

Here are 5 top tips when using passwords:

Tip 1: Make sure you switch on password protection

Set a screen lock password, PIN, or other authentication method (such as fingerprint or face unlock). If you are mostly using fingerprint or face unlock, you’ll be entering a password less often, so consider setting up a long password that’s difficult to guess.

Password protection is not just for smartphones and tablets. Make sure that your office equipment all uses an encryption product (such as BitLocker for Windows) using a Trusted Platform Module (TPM) with a PIN, or FileVault (on macOS) in order to start up. Most modern devices have encryption built in, but encryption may still need to be turned on and configured, so check you have it set up.
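One way to carry out that check on a Windows device, as an added example that is not part of the original guide: the PowerShell below uses the built-in Get-BitLockerVolume cmdlet from an elevated session to confirm the system drive is encrypted, protected, and unlocked with a TPM plus PIN. The function name Test-StartupPinProtection is an assumption chosen for illustration.

```powershell
# Added example (not from the original guide). Run from an elevated PowerShell
# session on Windows; relies on the built-in BitLocker module.
# Test-StartupPinProtection is a hypothetical helper name chosen for this example.
function Test-StartupPinProtection {
    param([string]$MountPoint = $env:SystemDrive)

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Each key protector has a type such as Tpm, TpmPin or RecoveryPassword.
    $types = @($volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    $issues = @()

    # Encryption built in is not the same as encryption switched on.
    if ("$($volume.VolumeStatus)" -ne 'FullyEncrypted') {
        $issues += "Volume status is $($volume.VolumeStatus), not FullyEncrypted."
    }

    # An encrypted volume can still have protection turned off or suspended.
    if ("$($volume.ProtectionStatus)" -ne 'On') {
        $issues += 'BitLocker protection is off or suspended.'
    }

    # A TPM-only protector unlocks the disk at start-up with no user input;
    # the guide asks for a TPM with a PIN.
    if (-not ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey')) {
        $issues += "No TPM+PIN protector found (present: $($types -join ', '))."
    }

    [pscustomobject]@{
        MountPoint = $volume.MountPoint
        Compliant  = ($issues.Count -eq 0)
        Protectors = $types
        Issues     = $issues
    }
}

# Report on the system drive of the machine this is run on.
Test-StartupPinProtection | Format-List
```

On macOS the equivalent check is `fdesetup status`, which reports whether FileVault is on.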

Tip 2: Use two-factor authentication for ‘important’ accounts

If you are given the option to use two-factor authentication (also known as 2FA) for any of your accounts, you should do; it adds a large amount of security for not much extra effort.

2FA requires two different methods to ‘prove’ your identity before you can use a service, generally a password plus one other method. This could be a code that’s sent to your smartphone (or a code that’s generated from a bank’s card reader) that you enter in addition to your password.

Tip 3: Avoid using predictable passwords

Make sure staff are given actionable information on setting passwords. Passwords should be easy to remember, but hard for somebody else to guess. A good rule is ‘make sure that somebody who knows you well, couldn’t guess your password in 20 attempts’.

Staff should also avoid using the most common passwords, which criminals can easily guess.

Tip 4: Help staff cope with ‘password overload’

If you manage how passwords are used in your organisation, there are several things you can do that will improve security. Most importantly, your staff will have dozens of non-work-related passwords to remember as well, so only enforce password access to a service if you really need to.

Where you do use passwords to access a service, do not enforce regular password changes.

Passwords really only need to be changed when you suspect a compromise of the login credentials.

Staff will forget passwords, so make sure they can reset their own passwords easily. Consider using password managers, which are tools that can create and store passwords for you that you access via a ‘master’ password. Since the master password is protecting all your other passwords, make sure it’s a strong one, for example by using three random words.

Tip 5: Change all default passwords

One of the most common mistakes is not changing the manufacturers’ default passwords that smartphones, laptops, and other types of equipment are issued with. Change all default passwords before devices are distributed to staff. You should also regularly check devices (and software) specifically to detect unchanged default passwords.

IT support and solutions

If you need help with business continuity, cyber security and other IT solutions to help your business stay safe, innovative and reduce IT costs, we can help.

We understand the home improvement and renewable sectors and offer a host of bespoke IT solutions whether on a project, temporary or permanent basis.

To find out more, call Nisar Raja, QASSS IT Infrastructure Manager, on 0330 335 3354 or email n.raja@qasss.co.uk

 

Image by Pete Linforth from Pixabay