When was the last time you thought about the password policy for your business?
This might seem like a small thing, but it’s one of your first lines of defense
from outside attacks. When we audit businesses, we typically find multiple
staff members whose passwords are set to never expire and have the account lockout setting disabled.
Now imagine it’s Sunday morning and you’re home enjoying a day off because your business isn’t open. Though you may not be working, a hacker on the other side of the world is using a simple program to try and decrypt your password. Since your account lockout feature is disabled, they can try what’s called a brute force attack and just keep trying passwords until they get the right one.
The time to crack a password can take seconds or minutes depending on complexity. Additionally, most passwords are FOR SALE on the Dark Web which grants instant access. Once you’re hacked or breached, it gives criminals access to your entire network and customer information database.
The best thing you can do is set a company password policy that requires a new password every 3 months, and has more than 13 characters. While that may seem like a pain and you’ll get complaints from people in the organization, it’s much better than finding out your system was hacked and losing hundreds of thousands of dollars, your reputation and potentially your entire business.
Teknologize has offices located in the Tri-Cities, Washington, 509-396-6640 and Bend, Oregon 541.848.6072.