Evolving and Adapting Workplace Security Culture
In today’s rapidly evolving digital landscape, the importance of a strong security culture cannot be overstated. As cyber threats continue to advance in complexity, organizations (big and small) must adapt their security practices accordingly. This post explores how security culture is evolving and one way we can make a positive change today.
The Changing Face of Cybersecurity
The days of using “password123” as a go-to password are long gone. Cybercriminals have become more sophisticated, employing a variety of tactics to compromise digital assets. As a result, the need for strong and unique passwords is more critical than ever.
The Power of Strong Passwords
A strong password is the first line of defense against unauthorized access to your accounts. Here are some key elements of strong passwords:
Length Matters
A longer password is generally more secure. Aim for at least 12 characters. High-profile accounts, such as administrators, will want something even longer, such as 16 – 21 characters by today’s standards.
Complexity Counts
Use a mix of uppercase and lowercase letters, numbers, and special characters to make your password harder to crack. NIST Special Publication 800-63B reports that “the current ability of attackers to compute many billions of hashes per second with no rate limiting requires passwords intended to resist such attacks to be orders of magnitude more complex than those that are expected to resist only online attacks.”
Avoid Common Words
Steer clear of easily guessable words, such as “password,” “admin,” or your name. Your organization can also implement a word list of known breached passwords that prevents any word on the list from being used as a user login.
Uniqueness Is Key
Never reuse passwords across multiple accounts. Each password should be unique and not contain phrases or sections of previously used passwords.
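The length, common-word and uniqueness rules above can be enforced at the moment a password is set. The following is an added example, not code from this post: the 12- and 16-character minimums come from the text, while the function names, the constructed blocklist and the 5-character overlap window are assumptions. The previous password is the one the user types during the change, so no plaintext history is stored.

```python
import re

# Constructed sample blocklist (assumption); a real deployment would load
# the organization's chosen list of breached and common passwords.
BLOCKLIST = {"password", "admin", "welcome", "letmein", "qwerty"}

# Undo common character swaps so "P@ssw0rd" is seen as "password".
LEET = str.maketrans("0134578@$!", "oleastbasi")

def normalize(pw):
    """Lower-case, reverse common swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))

def shared_section(a, b, n=5):
    """True if a and b share any run of n characters, ignoring case."""
    a, b = a.lower(), b.lower()
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))

def screen_password(candidate, username, is_admin=False, previous=None):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []

    # Length: 12 for regular users, 16 for high-profile accounts.
    minimum = 16 if is_admin else 12
    if len(candidate) < minimum:
        problems.append(f"shorter than {minimum} characters")

    # Common words: compare after normalization so swaps do not hide them.
    core = normalize(candidate)
    if any(normalize(word) in core for word in BLOCKLIST):
        problems.append("contains a blocklisted word")

    # The user's own name is as guessable as "admin".
    if username and (username.lower() in candidate.lower()
                     or normalize(username) in core):
        problems.append("contains the username")

    # Uniqueness: no sections carried over from the password being replaced.
    if previous and shared_section(candidate, previous):
        problems.append("reuses a section of the previous password")

    return problems
```
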
Regular Updates
Enter the Password Manager
Remembering complex passwords for every online account can be a daunting task. This is where password managers come to the rescue. Password managers are powerful tools that securely store and generate complex passwords, making it easy for users to maintain strong security.
Key Benefits of Password Managers
- Enhanced Security: Password managers generate and store strong, unique passwords for each of your accounts, reducing the risk of a security breach due to password-related issues.
- Convenience: You don’t have to remember all your passwords; the manager does it for you. All you need is a single master password to access your vault.
- Cross-Platform Compatibility: Many password managers work seamlessly across various devices and platforms, ensuring consistent security.
- Two-Factor Authentication (2FA) Integration: Most modern password managers support 2FA, adding an extra layer of security to all accounts.
Implementing a Password Manager
While every organization is different, implementing a password manager across your organization can be a huge benefit and help reduce security risks. Here is a simple guide to getting started with a password manager:
- Choose a Reliable Password Manager: Research and select a manager that works best for your organization and security requirements. Cloud-based password managers are quick and easy to set up, while on-prem keeps all of your data under your own lock-and-key.
- Install and Set Up: When configuring your password manager, each setup is unique. Some key points are ensuring a strong and unique master password for each user, and enforcing MFA/2FA for all users for login access.
- Importing Existing Passwords: Most managers allow you to import existing passwords from your browser or other tools (or even spreadsheets!).
- Generate Strong Passwords: When creating new accounts or updating existing ones, let the password manager generate strong, unique passwords for you. Cloud-based password managers sometimes have password lists and watchguards in place to prevent password reuse and the use of passwords that have previously been involved in a data breach.
- Enable MFA: Whenever possible, enable multi-factor or two-factor authentication for an additional layer of security.