To keep your business up and running and to avoid being hacked, your company must develop an effective password management policy. This is especially true for any business that must comply with HIPAA, PCI, and/or other regulatory requirements, as regulatory scrutiny and fines can be costly and time-consuming. The following four steps can help protect your business from disruption.
Make Your Password Complex
Make passwords complex; don’t make it easy for hackers to access your company’s data. Include both uppercase and lowercase letters, at least one digit, and punctuation and special characters. Consider creating a passphrase that includes several words, but be sure to avoid expressions from movies or other everyday vernacular.
Avoid The Usual Suspects
Believe it or not, the most common password is “Password.” Whatever you do, do not use easy-to-guess passwords. Change all default passwords right away, and avoid obvious choices, such as your family name, your pets’ names, or your birthday. Also, do not allow employees to keep a Post-It on their desk with a list of passwords.
Change Passwords Often
Some systems automatically prompt you to change your password every now and then. For systems that do not already have this feature built in, consider making quarterly password changes mandatory for your organization. And remember: Recycling is good, just not for passwords.