EDITOR’S QUESTION
WHAT BEST PRACTICE APPROACH SHOULD BUSINESSES TAKE TO PASSWORD SECURITY?
Password protection is a critical
component of a strong business
cybersecurity strategy. Some experts
say that the number one rule for companies
to manage passwords securely is for their
employees to use different passwords across
all sites. However, in doing this, individuals
often forget their passwords, which not only
impacts their productivity in the workplace,
but also results in a headache for IT teams.
Businesses must have a reputable password
manager, which will create complex, strong
passwords and store them in an encrypted file.
David Emm, Principal Security Researcher at
Kaspersky, said: “Businesses continue to invest
heavily in security solutions but it’s essential
for corporate security measures to cover not
only external attacks, but internal weaknesses
within an organisation. Due to human error,
negligence and a simple lack of knowledge,
staff often choose weak passwords, thereby
making themselves the weakest link in the
security chain. This applies particularly to
businesses – one employee with a weak
password could open the door to an attacker,
compromising the entire network.
“Passwords provide one of the first lines of defence against
cyberattacks and are frequently the only thing protecting
confidential business plans, intellectual property, communications,
network access and customer data.
“Therefore, it is so important to establish and implement a password
security policy that includes both technical protection and education
for employees. However, simply advising and exhorting businesses to
follow good security practices is not enough.
“In order to ensure that passwords are secure and to help
minimise the risk of a data breach, IT staff should enforce the
following practices:
• Prevent the re-use of old passwords – why go back to using an old
key when you’ve gone to the trouble of changing the locks? Make
sure to prevent the use of usernames as a password
• Enforce minimum length and use of a combination of letters,
numbers and non-alpha-numeric characters. Make every password
at least 15 characters long – the longer the better
• Implement a password manager such as Kaspersky Password
Manager, to help staff to create complex passwords
• Store passwords securely – for example, use secure hashing and
salting algorithms, so that a breach of the network doesn’t reveal
staff passwords
• Use two-factor authentication, especially for logging in to
strategic resources within the organisation.
32 INTELLIGENTCIO www.intelligentcio.com