EDITOR’S QUESTION
WHAT BEST PRACTICE APPROACH SHOULD BUSINESSES TAKE TO PASSWORD SECURITY?
INTELLIGENTCIO
Password protection is a critical
component of a strong business
cybersecurity strategy. Some experts
say that the number one rule for companies
to manage passwords securely is for their
employees to use different passwords across
all sites. However, in doing this, individuals
often forget their passwords, which not only
impacts their productivity in the workplace,
but also results in a headache for IT teams.
Businesses must have a reputable password
manager, which will create complex, strong
passwords and store them in an encrypted file.
David Emm, Principal Security Researcher
at Kaspersky, said: “Businesses continue to
invest heavily in security solutions but it’s
essential for corporate security measures to
cover not only external attacks, but internal
weaknesses within an organisation. Due
to human error, negligence and a simple
lack of knowledge, staff often choose weak
passwords, thereby making themselves
the weakest link in the security chain. This
applies particularly to businesses – one
employee with a weak password could open
the door to an attacker, compromising the
entire network.
“Passwords provide one of the first lines
of defence against cyberattacks and
are frequently the only thing protecting
confidential business plans, intellectual
property, communications, network access
and customer data. Therefore, it is so
important to establish and implement a
password security policy that includes both
technical protection and education for
employees. However, simply advising and
exhorting businesses to follow good security
practices is not enough.
“In order to ensure that passwords are secure
and to help minimise the risk of a data breach,
IT staff should enforce the following practices:
• Prevent the re-use of old passwords – why
go back to using an old key when you’ve
gone to the trouble of changing the
locks? Make sure to prevent the use of
usernames as a password
• Enforce minimum length and use of a
combination of letters, numbers and non-
alpha-numeric characters. Make every
password at least 15 characters long –
the longer the better
• Implement a password manager such
as Kaspersky Password Manager, to help
staff to create complex passwords
• Store passwords securely – for example,
use secure hashing and salting
algorithms, so that a breach of the
network doesn’t reveal staff passwords
• Use two-factor authentication, especially
for logging in to strategic resources within
the organisation.
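
The enforcement rules in the list above (15-character minimum, mixed character classes, no username as password, no re-use, salted hashing), shown as an added example that is not from the article or from Kaspersky. The function names, the history depth of five and the PBKDF2 work factor are assumptions, and the passwords used with it are constructed samples.

```python
import hashlib
import hmac
import secrets

MIN_LENGTH = 15          # "at least 15 characters long" (from the list above)
HISTORY_DEPTH = 5        # assumption: number of old password hashes retained
PBKDF2_ROUNDS = 600_000  # assumption: work factor for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is drawn for each new password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches(password, record):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def policy_violations(username, password, history):
    """Return every rule from the list that the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    if not (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password)):
        problems.append("needs letters, numbers and non-alphanumeric characters")
    if password.casefold() == username.casefold():
        problems.append("same as username")
    # History holds only (salt, digest) pairs, so re-use is detected by re-hashing.
    if any(matches(password, old) for old in history):
        problems.append("re-use of an old password")
    return problems


def change_password(username, new_password, history):
    """Store the new salted hash only if the policy passes; return the violations."""
    problems = policy_violations(username, new_password, history)
    if not problems:
        history.append(hash_password(new_password))
        del history[:-HISTORY_DEPTH]  # keep only the most recent hashes
    return problems
```

Because the history stores salted digests rather than passwords, a copy of it reveals neither the current nor the previous passwords directly.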