Posted on April 17, 2019 by Louise Howland
In the 5th episode of Cyber Chat, Rob May explains the importance of strong passwords and gives tips on how to better manage your passwords.
Managing the ongoing cybersecurity of your IT infrastructure should be a primary concern, whatever the shape or size of your organisation. Cybersecurity breaches are among the most serious threats in today's business landscape. Incidents come in many forms: cyber attacks; laptops left on trains; malicious staff; or, even more simply, accidental data loss caused by human error. The human firewall is a vital line of defence for any organisation, and in this video Rob, author of The Human Firewall (available on Amazon), explains what the human firewall is and why your password habits are part of it.
Hi, I’m Rob May. I’m Managing Director of ramsac, and welcome to Cyber Chat.
I want to talk to you today about passwords. What’s your password policy? Do you have a password policy? There’s a chart; in fact, if you Google this, there’s a top-25 list of passwords by country. So, in the UK, the number one password is 123456. And it’s shocking. When I’m doing training sessions I normally share on the screen the top 25 passwords, and it’s really common that someone in the audience will say to me, “Oh, my password’s up there.”
In America, the number one password is password123, and you know, we have to get away from this; we have to use good passwords. We should use complex passwords. My advice is that your password shouldn’t be in the dictionary. There are lots of automated tools that, once they’ve made it into your network, will then try to brute-force user accounts. Your password shouldn’t be a dictionary word, so perhaps replace certain letters with numbers or whatever.
Or use a standalone password manager tool, something like LastPass; don’t entrust your passwords to a web browser. That’s not a safe way to do it. But use complicated passwords, and don’t write them down. Don’t write them on Post-it notes and stick them to your monitor, which again, when we are doing security audits, we see time and time again. It’s just really, really bad practice. And nobody else in your organisation should know your password. Nobody should know your password; your password should be like your toothbrush, and nobody else should use yours.
And you know, if a disaster happened and you were away, and someone needed to get access to your system, then IT can change your password. There’s no need to leave somebody with that knowledge. And I think the other thing is, when you get prompted at work, typically our discipline at work is enforced by IT. Certainly on the networks that we look after, we enforce good password hygiene. When you get that prompt at work to change your password, use that as an aide-memoire to also change your passwords at home, and if you’re sharing your computer at home with other people in your household, make sure that you’ve each got your own profile.
You’ve each got your own passwords, and you’re taking that security seriously, because passwords are a huge part of the cybersecurity problem. So, if you need any help, talk to ramsac; we will advise you on best practice. But otherwise, stay safe, and I look forward to speaking to you soon. Thank you.
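A password-policy check of the kind the talk argues for, added here as an illustration rather than code from ramsac or the video. It rejects anything on a top-passwords list, rejects dictionary words even after the usual letter-to-digit swaps and "2019!" suffixes (brute-force tools apply those same rules), and generates a replacement with Python's `secrets` module, which is what a password manager does for you. The two word lists, the 12-character minimum and the substitution table are constructed assumptions for this example; a real deployment would load a full breach-derived blocklist and a proper dictionary file.

```python
import re
import secrets
import string

# Constructed stand-in for the published "top 25 passwords" lists the talk
# mentions. Assumption: a real deployment loads a full breach-derived list
# (e.g. a local copy of a known-compromised-password file) instead.
COMMON_PASSWORDS = {
    "123456", "password", "password123", "qwerty", "123456789",
    "12345678", "111111", "abc123", "letmein", "welcome",
}

# Constructed mini-dictionary; a real check would load a word-list file.
DICTIONARY_WORDS = {
    "password", "welcome", "summer", "dragon", "monkey", "football",
    "sunshine", "princess", "company", "letmein",
}

# Letter-to-digit/symbol swaps that cracking tools apply as rules, so
# "p@ssw0rd" is effectively the same guess as "password".
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})

MIN_LENGTH = 12  # assumed policy minimum for this example


def base_word(password: str) -> str:
    """Recover the 'base word' a cracker would guess: lower-case, drop a
    trailing run of digits/symbols (the usual '2019!' suffix), then undo
    the leet substitutions."""
    lowered = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    return stripped.translate(LEET_MAP)


def check_password(password: str) -> list[str]:
    """Return the list of policy failures; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    base = base_word(password)
    if base and (base in DICTIONARY_WORDS or base in COMMON_PASSWORDS):
        problems.append(f"is the word {base!r} with substitutions or a suffix")
    return problems


def generate_password(length: int = 20) -> str:
    """Generate a random password with the secrets module (what a password
    manager does for you) and confirm it passes the policy above."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs: two of the kind the talk warns about and
    # one long passphrase.
    for pw in ["123456", "P@ssw0rd2019!", "correct-horse-battery-staple"]:
        print(pw, "->", check_password(pw) or "OK")
    print("generated:", generate_password())
```

The point of `base_word` is that a substitution-only password such as `P@ssw0rd2019!` is judged by the word it was built from, not by its raw character mix, which is how the automated tools the talk mentions treat it.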