Skip to main content
Rehmann
Rehmann
Solutions
Industries
Resources
About Us

Empowered Chats: Password policies

November 3, 2022

Ransomware attacks increased by 150% in 2020, according to a Harvard Business Review study, and a recent study from the Ponemon Institute found that a threat actor can be in your organization’s systems for an average of 287 days before you even know it. Although statistics like these are disconcerting, you can take steps today to defend your organization’s most valuable information – what we like to call your organization’s crown jewels.

While attacking your organization’s firewall could prove tricky for hackers, getting in through your employees can be a much easier route. This is why having a password policy in place is so important. We sat down with Aaron Meadows, senior systems engineer, and Phil Koster, senior solutions engineer, to understand why strong passwords are critical, the tools you need to help employees remember passwords, and the best steps for implementing a password policy at your organization.

Your first line of defense. If you’re a business that operates out of a brick-and-mortar location, you would not let just anyone roam freely in your building. You would likely have a receptionist at a front desk check them in, and you’d understand visitors’ purposes for being there as well as have certain security measures in place restricting certain areas. In a cybersecurity space, although not physical, you can treat your passwords as if they’re your receptionist – they’re your first line of defense. Strong passwords verify a person’s identity and will ensure that not just anybody is able to get into your systems and do whatever it is they’d like once they’re in.

Creating strong passwords. If you’re not an expert who lives and breathes cybersecurity every day, you may not know the criteria for creating a strong password. If you’re looking for some guidance, a chart, like the one pictured below, can help to show the best combination of numbers, letters, and special characters to use.

However, password policies aren’t only about having hard-to-guess passwords; you also want to make sure you have a variety of passwords. It’s common to use the same password across many platforms because we can only remember so much. The problem with this is that once a threat actor guesses it once, all the platforms you’ve used that password on are compromised. A variety of passwords is going to limit your risk to exposure.

How can I remember all of this? In theory, it sounds great to have multiple, complicated passwords across all your organizations platforms. But is it feasible? Your employees are already tasked with so much and you don’t want to burden them further. Password vaults can be great solution to help your employees keep track of all their passwords. A password vault will keep track of the website and the login information for that site, taking the burden off employees’ shoulders. These vaults will integrate with web browsers and have a mobile option as well. Some password vaults even have tools to help generate strong passwords and will integrate with multi-factor identification solutions. With a password vault, all you need to remember is the password to the vault – you’ll just want to ensure the vault’s password is very strong. Some password vault services we recommend: LastPass, 1Password, Bitwarden, and Dashlane.

Cybersecurity is a business risk. When it comes to cybersecurity and passwords at your organization, you want to treat it just like any other business risk. If employees are allowed to create short, easy-to-guess passwords, it’s likely that’s what they’ll do – it’s the path of least resistance. Educating your employees on why strong passwords benefit everyone – and having a policy in place that enforces strong passwords – will go a long way in ensuring the use of secure passwords.