We are admonished regularly to change passwords frequently and make them complex. Our challenge, of course, is how to think of so many new passwords. I counted the number of my password-protected sites and it was over 3 dozen! Most of us don’t have photographic memories, so remembering multiple unique passwords is a challenge.
Why Strong Passwords Matter
We hear that we need to have strong passwords and there are several good reasons why.
- Stronger passwords are harder to hack. Cyber criminals have automated ways to scan for common passwords. Studies indicate an amazing number of people use one of a thousand passwords. (Believe it or not, “Rosebud” is quite common, as are “monkey” and “sunshine”.) Mathematically, passwords with a variety of upper case, lower case, numbers and symbols are significantly harder to crack than just letters and numbers.
- It makes it more difficult for hackers to access your system. So many hackers are attempting to intrude into small business systems that you want them to have a harder time with your network. Instead, let the criminals go after your competitors that don’t have strong passwords.
- Cyber criminals often penetrate a company’s network months before someone notices anything. By changing passwords monthly, you improve your chances that the hacker does not get in again and do serious damage.
Start With Yourself
You are super busy running your business. How can you find time to change your password?
A great approach is to develop a personal formula. Include words, dates, places or other information that you remember. Maybe it is the initials of all the men or women you dated in college. Or the top music hits of your favorite musician. Maybe facts about your competitors. Now think of a rhythm that works for you. For example, always start with a symbol, or place a number in the fifth position because your birth month is May, the fifth month. Here is an example, using a favorite holiday.
Event: July 4 1776
Fond memories of being 10 years old on the 4th of July
Symbol: ! because holidays are exciting
Spend a few minutes brainstorming on a personal formula or two. Then play with some examples. Set them aside for an hour or a day. You may find that one or two remain in your thoughts more than others and that will be a good place to start.
Share Best Practices With Staff
Take the time to inform your people why it is in your company’s best interest to have safe passwords. Most employees of small businesses really do want to help you succeed. If they understand how as well as why, you will have better buy-in from them.
And, be sure to have someone responsible for changing passwords on the generic company email accounts – like firstname.lastname@example.org, email@example.com and careers@yourcompany.com. Cyber criminals are aggressively going after these email accounts as it is frequently a quick way into a company’s network.
Implement A Policy
It is so easy to think that only big organizations need written policies and procedures. But it is much easier to enforce behavior if you have a written reference on correct behavior. Your policy doesn’t have to be in a snazzy format or be long. A couple of paragraphs will work fine for most small businesses.
Include how frequently you expect the staff to change their passwords plus how long and complex the passwords need to be.
Reinforce Good Behavior
Think about creative ways to encourage and reward those who do change their passwords frequently. Perhaps establish a password change hour once a month on a Friday afternoon. After employees change their passwords, invite them to snacks or cookies and end-of-week chatting.
Do whatever works with your culture and reminds your staff that it is expected of them.