
    How to Encourage Employees to Strengthen Password Security

    By Bill Carey - November 3, 2008

      Alaska Governor Sarah Palin might not have realized how important her online e-mail account would be, but when she was chosen as the Republican vice presidential nominee, she became a target for hackers. David Kernell got into her account by using Yahoo’s “password reset” feature and guessing the answers to her security questions.

      The unfortunate fact is that “security questions” aren’t all that secure. It’s usually not hard to find out where someone was born, or even their mother’s maiden name. Somebody might have told Governor Palin that there’s no obligation to tell the truth when you answer those questions. You’re perfectly entitled to say that you were born in Bethlehem and that your mother’s maiden name is Barbarossa. Yahoo’s database won’t care.

      Identity theft is a very serious issue, even for the rest of us who aren’t running for vice president. For the individual, the threat of a compromised online identity isn’t so much about political tidbits or gossip. The individual’s reputation might be at stake–it could be some “friend” or spouse spying–but the more serious threat involves access to money and a ruined credit rating.

      Business consequences of weak passwords

      For a business, the consequences can be even more severe. If employees share passwords, or use easy-to-guess passwords, the business’s financial data or trade secrets might be compromised. And, if the business allows unauthorized access to customer data, the liability and loss of business reputation can be crippling. Businesses have two reasons to help their employees with online security: First, to protect their own assets. And second, to provide a tangible but inexpensive benefit to employees by helping them to protect their own online identity.

      For any given business, it’s likely that the employees are already worried about their online security, but they don’t have the knowledge or the tools they need to limit their risk. They think “hobbit” is a pretty clever password, despite the fact that they frequent a “Lord of the Rings” discussion board and have a picture of Frodo in their cube.

      The good news for business owners is that if they help their employees with their personal online security, it’s much easier to get them to follow good security practices for access to company data and systems. Furthermore, a business that helps employees with their online security will come across as a caring employer, rather than as a control freak that imposes yet another bothersome procedure.

      Five steps to take to increase password security

      If helped in a caring way, the work force will better understand the need for company security and will be much more willing to help the company implement a responsible policy. So, in what practical ways can businesses increase awareness of electronic security? Here are five steps any business can implement:

      Step #1: Assign someone in the IT department to keep an eye out for articles about security breaches and distribute these articles to employees, along with suggestions on how the security breach could have been prevented. This will keep security as a “top of mind” issue for the IT department and will force them to think about company procedures. It will also keep employees aware of the latest scams and threats. Be sure that the articles give about even representation to personal security and company security issues.

      Step #2: Let the IT department answer employee questions about online security. Once again, this will ensure “top of mind” familiarity with the topic among the IT staff, and will help educate the employees.

      Step #3: Purchase password-management software for the office, and allow employees to use it for their private accounts. There are lots of password management options available, but the most cost-effective is usually an enterprise password-management solution.

      Step #4: Have a quarterly or semi-annual brown-bag lunch to discuss the latest security issues, emphasizing both the company’s security and employees’ personal security. (Many employees still don’t know about phishing.)

      Step #5: Circulate a memo on good password policies, and include it in the package of information given to new employees. A sample memo on good password policies is provided below:

      Dear Employee,

      Computer security is an increasing problem for many companies and for many individuals. You’ve probably heard of the rise in “identity theft” and similar crimes. [Company name] has a strong interest in protecting our own trade secrets and data, but we also want to help our employees be responsible with their personal use of the Internet and electronic services.

      In the coming months, we will circulate stories about electronic security breaches, as well as tips and advice on how you can protect your own electronic identity. To kick off this effort, this memo provides a simple set of rules to help you create more secure passwords.

      First, be sure to remember the following four rules:

      1. Don’t use easy-to-guess passwords.

      2. Don’t write down your password in an insecure location or store it in an insecure computer file.

      3. Don’t share passwords with co-workers.

      4. Don’t use the same password for different accounts.

      Second, to create a strong password, use one of these four methods:

      1. Pick a word or phrase that you’ll remember, but substitute letters with symbols or numbers (such as @ for a, 8 for B, $ for S, etc.). Using this method, “sambuca” might become “[email protected]@”.

      2. Use the first letter of a long phrase, using upper and lower-case letters, and the substitutions mentioned above. So, “One ring to rule them all, one ring to find them” might become “[email protected]”. This may seem difficult at first, but muscle memory will kick in and you’ll find yourself typing it with ease.

      3. Use an “upper left” or “lower right” substitution. This is where you replace a keystroke with the key next to it. Thus, “Finnegan” might become “E8hh3rqh” by replacing each letter with the letter to the upper left of it on the keyboard.

      4. Finally, it’s a good idea to change your password every month or so.

      We encourage you to take these suggestions to heart, not only for the passwords you use at your company, but in your personal affairs as well.

      Bill Carey is Vice President of Marketing at Siber Systems, a Fairfax, VA-based software company. For the last four years, Bill has advocated the importance of effective password management, best practices for preventing identity theft and other related topics. He can be reached at [email protected].
