Mistakes people make with passwords


Recent events have dramatically shown the importance of having secure passwords.

There is nothing like a data breach to get a company’s name in the news these days, and as this report shows, you do not have to be big to get into the news.


Few companies like it, as it's not just the loss of money, in this case $36,000, but also losses that cannot be measured internally, such as their pride and their customers' trust in them. There is the added cost that a company might find itself liable for the damage, as court cases by EFTPOS and lotto organisations against some quite small storekeepers have shown in Australia.


However, much of computer security today is only as secure as your weakest password.

Here is what people in business should do to avoid some common mistakes with their passwords.

1) They should change all their passwords frequently. Many companies today require a mandatory password change every 90 days because it's considered a security practice. Yearly should be the absolute minimum.

Worst case, consider something like this every year:

In 2015 the password is Charlie...2015; next year it becomes Charlie,,2016.

2) Systematically review who has access to what in your system. If you go over the security levels, you may be surprised to discover just who can get where in your system. In one newsagency, they discovered that employees who had left years ago still had unlimited access, as no-one had been taking them out.

3) Please do not put passwords on a sticky note stuck on a monitor or on the board where anyone can see them. Any stored passwords should be kept in a hidden place, e.g. on an obscure page in your diary with no indication to anyone that it's a password.

4) Try to force people to make passwords that are a bit of a challenge, e.g. Tom should not use the password Tom.

5) If you find people are sharing a password, make them stop. This is hard, as sometimes they have to share passwords, but if this happens, get them to change the password immediately afterwards.
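The access review in point 2 and the name check in point 4 can be done with a short script. The following is an added example, not part of the original article: the account export layout, the staff names and the 90-day idle threshold are all constructed assumptions, so adapt them to whatever your own system can export.

```python
import csv
import io
from datetime import date

# Constructed sample data: an account export and the current staff roster.
ACCOUNTS_CSV = """username,owner,access_level,last_login
tom,Tom Reed,cashier,2016-03-01
mary,Mary Cole,manager,2016-02-27
steve,Steve Hall,admin,2013-08-14
backoffice,,admin,2016-03-02
"""
CURRENT_STAFF = {"Tom Reed", "Mary Cole"}


def review_accounts(accounts_csv, current_staff, today, max_idle_days=90):
    """Point 2: return (username, reason) for every account needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        user, owner = row["username"], row["owner"].strip()
        if not owner:
            # Nobody is accountable for this login, so it is probably shared.
            findings.append((user, "no named owner (shared account?)"))
        elif owner not in current_staff:
            findings.append((user, "owner no longer on staff"))
        idle = (today - date.fromisoformat(row["last_login"])).days
        if idle > max_idle_days:  # assumed threshold, tune to your business
            findings.append((user, f"no login for {idle} days"))
    return findings


def weak_password(username, owner, password):
    """Point 4: True if the password is just the user's login or own name."""
    candidates = {username.lower(), *owner.lower().split()}
    return password.lower() in candidates


if __name__ == "__main__":
    for user, reason in review_accounts(ACCOUNTS_CSV, CURRENT_STAFF, date(2016, 3, 10)):
        print(f"{user}: {reason}")
    print("Tom using 'Tom' rejected:", weak_password("tom", "Tom Reed", "Tom"))
```

Run the review on a schedule and remove or disable every account it lists; call the name check when a password is set, not against stored passwords.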

If your team can avoid these simple and common mistakes, you are already ahead of many organisations in protecting your information.