Whilst the computers and networks within an organisation undoubtedly need protecting, the weakest point in any security setup can often turn out to be the people who use the system.
If you have responsibility for running a network then the amount of technology you employ to protect it will be of little consequence if users find a way to create a hole in the system. And try they likely will, be it through the use of Shadow IT, general poor practice or the use of inadequate passwords.
Considering how many home users are unable to secure their own systems, it is hardly surprising that security personnel have to employ tools and policies to prevent them from causing havoc on the business network. Such hand-holding is essential in order to protect both the company and the users themselves.
One of the main issues that will leave IT administrators pulling their hair out is the password system. Recent post-breach dumps have shown time and time again that employees will gravitate towards the simplest of passwords whenever possible, such as “123456”, “password”, “password1” and other such classics.
Unfortunately, such easy-to-guess passwords are quite typical amongst the majority of users on their home PCs and probably even more so on the machines they use at work. After all, if they are lax about their own security at home, what are the chances that they’ll care enough when using someone else’s computers, including yours?
That’s why, as the person in charge of the security of a business or corporation, you have to take responsibility for setting up some sort of password guidelines. The employees within your organisation may not be too happy about such guidelines, but you cannot let such sentiment sway you from implementing rules to block certain passwords. After all, your primary concern is to keep them and the organisation safe.
So, beyond blocking the use of certain passwords that are known to be easily cracked (i.e. words found in the dictionary), what else can you do to ensure that your company’s users are employing strong passwords?
A combination of two approaches is best. Firstly, a technical solution would be to ensure that passwords have a minimum length and contain upper and lower case letters as well as numbers and symbols. It would also be good practice to set the system up to require password changes on a regular basis.
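As an added illustration (not code from the original article), the sketch below combines the blocklist and the composition rules described above and shows why both are needed: a dictionary word padded with digits and symbols passes the composition rules on its own. The function name `policy_violations`, the minimum length of 12 and the small dictionary are assumptions made for the example.

```python
import string

# Assumed value: the article names the rules but gives no numbers.
MIN_LENGTH = 12

# Passwords the article cites from breach dumps, plus constructed
# dictionary words standing in for a real word list.
BLOCKLIST = {"123456", "password", "password1"}
DICTIONARY = {"welcome", "monkey", "dragon", "sunshine"}


def policy_violations(candidate, min_length=MIN_LENGTH):
    """Return a list of the rules the candidate password breaks."""
    violations = []
    lowered = candidate.lower()

    # Blocklist match is case-insensitive so "Password1" is caught too.
    if lowered in BLOCKLIST:
        violations.append("blocklisted")
    # Strip trailing digits and symbols to catch "Welcome2024!!" style padding.
    stem = lowered.rstrip(string.digits + string.punctuation)
    if stem in DICTIONARY:
        violations.append("dictionary word")

    if len(candidate) < min_length:
        violations.append("too short")
    if not any(c.islower() for c in candidate):
        violations.append("no lower case letter")
    if not any(c.isupper() for c in candidate):
        violations.append("no upper case letter")
    if not any(c.isdigit() for c in candidate):
        violations.append("no number")
    if not any(c in string.punctuation for c in candidate):
        violations.append("no symbol")
    return violations


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real dump.
    for pw in ["123456", "Password1", "Welcome2024!!", "t4Ble-lamp-Orbit"]:
        print(repr(pw), policy_violations(pw) or "accepted")
```

In a real deployment the two sets would be loaded from a maintained list of breached passwords and a full word list rather than hard-coded.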
The second approach would be through an awareness program. If done right, you could teach your employees why strong passwords are necessary to protect themselves in their day-to-day lives (there are plenty of breaches, such as the one at eBay, being reported lately which should provide plenty of background info) and, thus, why they are even more important when they are working on the company system.
And, if you need any tips on how to create a strong password, you can find ten of them right here.