Passwords are the gateway to your company’s important documents, which makes it critical to protect them from hackers. As more businesses continue to work remotely, it’s important for CIOs to enforce password updates to keep company information secure. Troy Holwerda, President of Proxurve Solutions, explains how password protection strategies improve cybersecurity.
Announcer: I’m here with Troy Holwerda, President of Proxurve Solutions, an Indianapolis-based IT managed services company. Today, we’re going to continue on the topic of small businesses at risk for hackers. What are some common mistakes that are made? Troy?
Troy: Well, I would say that the most common mistake has to circle around passwords and authentication. And some examples of that is, you know, maybe you use your significant others name along with their birth date. That can be easily hacked by a hacker. They’ll do their homework and they’re going to know, you know, who your significant others are, you know, who your children are. Stuff like that… they just don’t go out there.. willy-nilly and around and stuff.
Troy: So, you want to make sure that you implement a stronger password, or what is termed a complex password. You want to have that as a minimum of eight characters. You want to do an upper and lower-case letter in there. You want to have a number or set of numbers in it as well as put an extended character on it which would be like an exclamation point or a dollar sign. And, the things that I’ve suggested to people… use, like, a makes a term you recognize and then you’re substituting some things in to make it a complex password.
Troy: Another part on passwords or authentication would be implementing what’s called multi-form authentication or MFA. And, for those that maybe don’t know or understand what that is, you’ve probably used it ….maybe haven’t known it but when you log into your bank, you probably have to either get a text message or an email with like a six-digit code that you have to put in. And that right there is multi-form authentication. They are verifying that just because you know the username and password that you also have access to a cell phone that is yours or an email address that is yours and you’re going to then secondarily authenticate that it is indeed me.
That is something that should be implemented. And I know that we always implement it whenever we’re doing a 365-solution implementation. And then that’s something that can be implemented. As far as the passwords is a password policy for changing the password. Again, I know that’s a real pain but it’s something that needs to be done in order to help protect the potential hacking for the intruders to get in. And a typical changing of password is somewhere between three and six months.
Troy: Some of our clients don’t like it but once we explain the benefits and the security around it they definitely understand why we’re implementing something like that. And, the third thing on the passwords part is don’t use the same password for every single system. Don’t use the same password that you use at the office or your bank….for your Netflix or whatever it may end up being. Don’t use that same password because if one of those databases does get breached they’re going to have your username and password and they’re just going to go have a big old party and try to figure out what it is that you have access to and they’re going to go break in.
Let Proxurve maximize your digital workplace productivity. We offer customized cybersecurity and IT solutions to protect critical data within your organization.