Require Strong Passwords
Enforcing a password manager protects your business.
Strong Passwords Mean Safer Business Accounts
Small to medium businesses are a regular target for malicious hackers and a common entry point for digital thieves is stolen or weak passwords.
But the good news is, you can keep your business safe by requiring employees to use strong passwords and password managers.
Set the example by using long, random, unique passwords on all your personal and business accounts—and use a password manager to remember them! Then work with your IT staff or provider to require employees to use strong passwords to access your systems. This will keep your data safe and protected.
Encourage Strong Passwords in the Workplace
Create a safer workplace by establishing smart employee password practices.
1. Require strong, unique passwords.
Keep your networks secure by enforcing strong password policies. Strong passwords are:
- Long—at least 16 characters long (even longer is better).
- Random—like a string of mixed-case letters, numbers and symbols (the strongest!) or a passphrase of 5 –7 random words.
- Unique—used for one and only one account.
Speak with your IT department or security manager to require strong passwords. Often, you can create user settings that require that passwords meet certain standards and criteria (such as requiring capital and lower-case letters, numbers and symbols).
2. Provide an enterprise-level password manager for your employees.
An enterprise password manager can be a good step to increase security for a smaller company. A good password manager creates, stores and fills in passwords automatically so you only have to remember one strong password—for the password manager itself.
Providing a company password manager will make it easier for your employees to use strong passwords and protect themselves, your business and your customers.
As you grow, you will probably want to move to an identity and access manager (IAM) with single sign-on (SSO). But a password manager is a good first step.
3. Require that default credentials be changed on all software and hardware products.
Many hardware and software products come “out of the box” with default usernames and passwords that are easily exploited. These default passwords may be physically labeled on the device or even readily available on the internet. Require that staff change all default credentials.
Other Ways to Protect Your Business
Online criminals are always looking for easy targets. Businesses that don’t take basic precautions are at risk. Take the following steps to make it harder for malicious actors to access your data or trick an employee into allowing access to your systems.
Protect your business, your employees and your customers with easy and effective safety habits and policies.
Harmful links or attachments could provide unauthorized access to information or infect your network with malicious code. This can result in data being held for ransom.
Using more than a password to access an account—such as a texted code, authenticator app, fingerprint or access card—makes an account safer than a password alone!
Flaws give criminals an opening. Programmers publish patches, but you must install them to get their protection. Smaller businesses are often running outdated software because they don’t have full-time IT staff keeping up.
Learn how to get involved and become a Cybersecurity Awareness Month partner!
Share this with your IT provider/staff and encourage best practices to protect your systems.
By choosing good passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information.
Small and Medium Businesses
Ready for more?
CISA offers free information and tools to help small businesses protect their people, customers, intellectual property and other sensitive data.