It seems that every few weeks we are hearing about new security breaches in organizations where usernames, passwords, and other critical information are lost. Big ones make the headlines, small ones frequently go unacknowledged. Naturally, to your business, there is the fear of what happens if you are the next compromised company. Between reputation loss, financial loss, and even trade secrets, it's a very scary topic.
Fortunately, there are many simple steps you can take to help safeguard your organization from easy vulnerabilities. A connection many don't make is that the compromised credentials from one data breach could lead to your systems being accessed by an unauthorized person. Best practices dictate that you don't use identical passwords with different services, but we all know that is rarely adhered to. One solution that will help address this problem is using a password manager. There are many good solutions out there like Lastpass. I'll discuss those in a future post.
Sufficiently complex passwords are another important part of security. Unfortunately this is challenging, because many of us struggle to remember complex passwords. One tip I give clients is to forget the gibberish passwords many are accustomed to and think of a phrase you are likely to remember. Something like "I drank 12 cups of coffee this morning!" meets all of the usual password complexity requirements, while being something you are more likely to remember than Qblse@122$#$.
In future posts, I'll address handling different passwords for different sites, multifactor authentication for giving your security a significant boost, and other hopefully helpful topics.