Are strict password policies a necessity?

Are strict password policies still a necessity to help protect your organization's data? Not long ago, configuring a minimum password length, enforcing a password history policy, and setting a minimum password age were are all important steps in protecting your data. Additionally, enabling the setting that requires passwords to meet complexity requirements was also important. Resetting local admin passwords every 180 days was also recommended.

Unfortunately, strict password policies put the security burden on end users. This resulted in higher IT costs due to lost passwords and  requests for help in generating new ones.

In 2017 Google changed its policies and moved from strict password policies to policies requiring security keys for two factor authentication. This change had amazing results.  In 2018 Google reported the cost of password management to IT dropped to zero, and none of its 85,000+ employees were successfully phished! See Google: Security Keys Neutralized Employee

So complex, strict password policies have been replaced by security keys, which are not only more cost effective but more secure.  The National Institute of Standards and Technology (NIST) has published guidelines on digital identity that can help organizations learn more about this. NIST Special Publication 800-63B, Digital Identity Guidelines, provides a plethora of recommendations. 

Action needed: Review employee training protocols

 Cyber security threats are constantly evolving. It is essential to make sure that your staff are aware of the latest risks and how to protect against them.  Reviewing your employee training protocols regularly can help ensure that they are effective and up-to-date.

Make sure that your employee training covers the following topics:
.

• Using hardware security for two-factor authentication
• Follow best practices for keeping confidential information secure
• Using company resources safely and securely
• Recognizing and reporting phishing emails and other scams

By keeping your employees up-to-date on cyber security risks and best practices, you can help protect your business from costly attacks.

If you need help developing or updating your employee training, our team of experts can assist you. Contact us today to learn more about our services.

"Studies show that 95% of cybersecurity issues can be traced to human error."

- World Economic Forum

Don't let your guard down: protect your business with anti-malware software

As a professional or business owner, you can't afford to let your guard down when it comes to protecting your company from viruses and other malware. Even if you think your business is too small to be a target, remember that hackers are always looking for new ways to exploit vulnerabilities.

That's why it's so important to have robust anti-malware software in place. This type of software can help stop malicious code from executing on your computers and servers, and can also remove any existing infections.

There are many anti-malware programs on the market, but only a few can defeat ransomware and other advanced attacks. So it's important to choose one that has the proper security for your business. Consult with a cyber security professional for recommendations.

By taking these steps, you can help ensure that your business is protected from the ever-changing threat of viruses and other malware.