How a Strong Employee Password Policy Protects Your Business

Mar 16, 2023

notebook with passwords crossed out

Which of these would you call the strongest password?

  1. callme
  2. call4me
  3. call2Cm3

If you chose #3, you’re right.

Using strong, unique passwords is critical to protecting your business’s valuable data. It can help prevent hackers and other cyber-attackers from stealing identities, confidential business records, and customer and employee personal identity information (PII), like social security numbers, addresses, dates of birth, and credit card numbers.

CEG provides affordable, capable IT services that include helping your business protect its digital assets. As part of our consulting and management services, we offer network assessments to identify system vulnerabilities and will train your employees to recognize and protect your organization against cyber-attacks.

Why You Need to Build a Strong Company Password Policy

It’s estimated that over 80% of company data breaches are caused by poor passwords, and about the same percentage of hacking incidents are caused by stolen and reused login information.

Strong passwords are a first-line defense in protecting your business’s people and data. Unfortunately, many companies have weak or non-existent password policies that expose them to data compromise. Which is puzzling since most business owners agree data security is one of their top priorities.

Weak password security practices include:

  • Employees using the same passwords for personal and business accounts.
  • Not routinely updating passwords.
  • Choosing passwords that are easy to guess.
  • Not requiring two-step authentication.
  • Lack of training.

Hackers and other bad actors use automated software to submit hundreds or thousands of password guesses per minute to access individual and business accounts. Many of them use what are called “dictionary hacking tools” that simply run through words and variations until one unlocks an account. For instance, they might attempt apple, apples, apples3, apples4, etc.

When passwords that don’t resemble regular word patterns are chosen, it makes it harder and more time-consuming for the tools to “guess” them.

If cyber-criminals do manage to break through and guess passwords, they can damage your business in several ways:

  1. Reputational damage. Data breaches can instantly ruin a company’s reputation, with customers losing trust in its ability to protect their information. This can often lead to a company going out of business.
  2. Financial loss. Cyber-thieves often use stolen data to make large purchases or bank transfers.
  3. Compliance failure. If your company’s data is used for illegal reasons, it can be held liable and required to pay hefty fines and penalties.

Want to build a strong employee password policy for your business? These best practices can help you get started.

Use Strong Passwords

It might seem unbelievable that in 2023 the most popularly chosen password is still 123456, followed by 123456789. Other common choices include 111111, qwerty, and, astonishingly, “password.” Sadly, it would not take much time or effort for cyber-attackers to get past any of them.

Employees should use strong passwords that are at least eight characters long, contain a mix of upper and lower case letters, and include numbers and special characters. They should avoid using easy-to-guess passwords like mother’s maiden name, birthdates, and pet names. Lastly, it’s not a good idea for people to use identical passwords for multiple sign-ins.

Enforce Password Complexity Rules

Mandate employees to use passwords that meet defined complexity criteria. Along with choosing 8-character passwords that contain letters, numbers, and special characters, you can ensure maximum security by:

  • Use randomly generated unique passwords that are nonsensical combinations of upper and lowercase letters, numbers, and symbols.
  • Avoiding repetitive or sequential passwords like abc123 or 333333.
  • Set a minimum and maximum password life.

Keep in mind that, as most people dislike password complexity, it’s essential to not make complexity rules too stringent. Find a balance between security and convenience if you want buy-in and adherence.

Require Regular Password Updates

While some experts say that routine password updates are no longer necessary, it can sometimes make sense to require employees to change passwords, particularly if your company doesn’t use a password manager or multi-factor authentication.

One of the best arguments for changing passwords two, three, or four times annually is that it helps ensure if one is stolen, it can’t be used for an extended period.

Use Multi-factor Authentication

Two-factor authentication has quickly become the standard for managing access to organizational resources.

With multi-factor authentication, users log in with one set of credentials, like a password, and then “authenticate” their identity with a second factor, such as a security code they receive via text. This extra security layer is extremely difficult for hackers to get around. That makes it especially useful for organizations and industries that deal with highly sensitive accounts, such as banks and medical service providers.

Educate Employees on Password Security

Training employees on the importance of creating and managing strong passwords is one of the most effective ways to ensure password policy compliance.

  1. Avoid making your company’s password policy just “another set of rules” that must be followed.
  2. Make the value of security measures personal and help people understand how choosing strong passwords protects their own personal information and keeps their jobs secure.
  3. Include digital security issues in company updates.
  4. Conduct short lessons on cybersecurity risks and educate employees on how to recognize and report suspicious activity.

The more frequently employees hear about digital security and see that management takes it seriously, the more likely they will embrace your password policy.

Use a Password Manager

Password generators, managers, and strength testers are excellent tools for creating, storing, and testing your passwords. A password manager tool helps you generate and retrieve complex passwords by storing them in an encrypted database, reducing the risk of employees using weak passwords or reusing the same password for more than one account.

Implement Password Policies Across All Systems

If you want a secure network environment, it’s imperative for everyone in your organization to use strong passwords across all devices, including desktops, laptops, mobile devices, apps, servers, and cloud databases.

Your IT team should create universal rules that all users must follow, track all password changes, and communicate when a password has expired or been compromised. You should also have steps in place for changing passwords when an employee leaves the business and recommend that employees not share passwords in clear text over the network.

Computer Support and More From CEG

An increasingly digital world offers many great conveniences and opportunities and conveniences. But it also exposes companies to a greater risk of cybercrime, with attackers constantly on the lookout for ways to steal sensitive information. And while corporate breaches get the most headlines, hackers actually prefer to target smaller businesses that often lack proper digital security measures.

By implementing the above tips and creating and maintaining a strong password policy, you can ensure your business isn’t an easy target for those who wish to do it harm.

Not all IT companies offer outsourced services that help businesses protect their digital assets. Talk to CEG today about how our IT security professionals can monitor your system for suspicious activity and ensure your protection levels are continually upgraded.

Contact us online to learn more about all the computer support services we offer.