It’s hard to know where the biggest privacy threat to data security comes from these days — the NSA, a hacker halfway around the world, or the new guy in your IT department.
Hackers from Iran recently ran a social media scheme dubbed Newscaster, where they lured both current and former government officials into clicking on a link to a fake news site to steal their passwords and credentials and download malicious software. Researchers also found that video from both Google Glass and the Samsung smartwatch can be used to detect your PIN or password from up to 10 feet away.
There’s no doubt that keeping your data safe is becoming more difficult as technology advances. According to the National Cyber Security Alliance, one out of every five small businesses falls victim to cybercrimes each year, and about 60 percent go out of business within the first six months following an attack.
Despite the risks, many companies still neglect basic password safety. But as a business owner, it’s your responsibility to implement and enforce basic security measures to protect your customers and employees. Here are a few best practices to put in place:
1. Require routine password rotation
People don’t realize how easy it is to crack the password for an email account or username. We tend to reuse passwords and don’t understand that once they’re compromised on one site, hackers will use them to access our accounts on other sites.
Don’t trust your employees to rotate passwords. Program the applications they use to force a new password once a month, and take advantage of tools such as 1Password to manage various passwords for all your accounts.
2. Establish a strong password protocol
Anything humans can read, a computer can easily crack in seconds. Be aware of your surroundings. Your organization’s security is only as strong as its weakest link. Your IT department should establish a solid foundation for security by programming rules for strong passwords.
Don’t let your employees use passwords like “1234” or “password.” Employees should also have different passwords for work and personal accounts. If an employee’s personal account is compromised, it can put your data at risk.
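As an added example (not code from the original article), here is one way an IT department could program the rules from sections 1 and 2: reject common passwords, block reuse without keeping plaintext history, and flag passwords older than a month. The minimum length, the extra denylist entries, the PBKDF2 round count and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

# Assumed policy values: the article supplies the monthly rotation and the
# "1234"/"password" examples; everything else is an illustrative choice.
MAX_AGE = timedelta(days=30)
MIN_LENGTH = 12
DENYLIST = {"1234", "password", "123456", "qwerty", "letmein"}
PBKDF2_ROUNDS = 600_000


def hash_password(password, salt=None):
    """Return (salt, digest) so old passwords are never stored in plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches(password, salt, digest):
    """Constant-time comparison of a candidate against one stored entry."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def check_new_password(candidate, history):
    """Return a list of policy violations; an empty list means accepted.

    history: list of (salt, digest) pairs for the user's previous passwords.
    """
    problems = []
    if candidate.lower() in DENYLIST:
        problems.append("common password")
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if any(matches(candidate, s, d) for s, d in history):
        problems.append("reuses a previous password")
    return problems


def rotation_due(last_changed, now):
    """True once the password is older than the rotation window."""
    return now - last_changed > MAX_AGE
```

Each salt and digest pair in the history is checked separately because every stored password has its own salt, so a reused password cannot be spotted by comparing digests directly.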
3. Don’t share passwords
With so much trust and camaraderie within small companies, employees may not think twice about sharing account passwords with one another. However, not knowing who has access to which accounts could become problematic if an employee leaves your company or is let go. Have unique logins for every employee and each application he or she uses.
4. Secure data accessed by passwords
Your systems should be set up to require user authentication to access any data. This not only protects your data, but it also allows you to monitor who accesses it or makes changes to anything on your systems. Set security levels for a user or groups of users based on their position — and the size of your company — so each employee can only access the systems, drives, and files necessary to complete his or her work.
5. Educate employees on password usage
Education is the most powerful tool at your disposal. Communicating to employees how their data could potentially be hacked and training them on best practices is your best protection. Make sure employees feel obligated to notify the company if their identities are stolen or security of any kind is compromised.
Educating your team about how much damage a data breach can cause should be a top priority. In fact, given the potential damage that could come to your company, your employees’ job security could depend on it.
Passwords are the keys to your data. If someone gains access to them, you’ll lose customer confidence, revenue and productivity — and you could wind up in serious legal trouble. It’s your company’s responsibility to protect customer data, and keeping that data safe starts with a strong password. Keep your employees informed so the possible effects of not securing passwords guide their actions every day.