Creating Better Passwords
Employees should create strong passwords with a variety or letters and numbers, and change them often, usually every three months or so.
The definition of a ‘strong’ password, however, varies, as some believe length trumps complexity.
Ahlberg thinks passwords should be at least eight characters long and include both upper and lower case letters, special characters (i.e., dollar signs, ampersands, exclamation points, etc.), and should not be proper words.
Takacs recommends passwords be 14 or 15 characters long, and, he chides, never use the same password between any two services like for Facebook, a bank, or a work account. “Not having a good password policy is a mistake many companies make,” he confirms.
For those struggling with the sheer volume of passwords, there are tools available to help. Password managers will not only store passwords but create them, so users only have to remember the password to get into the program. Some programs are free, such as LastPass and Dashlane.
Takacs also recommends using two-factor authentication for account logins, which adds a second level of security. An example is the personal identification number (PIN) used with some debit cards, bank accounts, or phones, which can also be a fingerprint.
Other logins will send users an email or text to confirm identity before granting access to sensitive information.
Always Update
Logically, having the latest security software, operating system, and web browser provides layers of defense against malware, viruses, and other threats. And a crucial part of this protection is always updating applications when prompted to do so.
“Update Windows and any other business application used on a regular basis,” instructs Ahlberg. Further, he notes, “make sure those updates took place, ask for status reports.”
Outdated operating systems are a major no-no as they are no longer supported by Microsoft’s protection. Just as dangerous is not staying current on new system patches to protect PCs from viruses, spyware, and other attacks.
A perfect example was the WannaCry malware attack that affected users in more than 100 countries last May. Those who had applied Microsoft’s Windows patches released in March were spared; others were forced to pay a bitcoin ransom to counteract the infection.
Victims who had complete backups of their files were also better off, and it goes without saying that files should be regularly backed up, with data stored in the cloud or offsite.
