This is the first in a 5-part series examining simple ways to protect your data from data breach and data loss without costing an arm and a leg. These posts come from material that we present in our “Protecting Your Data” presentation for businesses. The presentation also has 1 hour of CLE credit from the Alabama Bar Association. Contact us to schedule a presentation or to find out when one is being offered.In working with businesses we often see the eye-roll and hear the heavy sigh when we require a password to be so many characters in length, contain a special character, a number and a few other things. In this post we will explain the importance of strong passwords and what constitutes a good password. Even more important, tips on how to remember and manage them.The most important step that you can take to protect yourself and your data from a data breach is to protect things with passwords, or “password protect.” This means putting passwords on all computers and mobile devices, including phones and tablets. Additionally, every device should have the lock feature enabled to automatically lock itself after a predetermined length of time and then require a password to access it again. This value can be as small as seconds of no use for a mobile device to 15-30 minutes of inactivity for a computer. If a computer does not lock itself when not in use then an attacker can simply wait until the computer is unattended and then do as they wish to it. Start training yourself to lock your computer whenever you aren’t actually sitting at it to decrease this risk even more.The Wi-Fi in your offices should be password protected as well. It is better to maintain a separate guest network for visitors to use than it is to allow them access your internal network. Most wireless routers these days have this guest network functionality as a standard feature.Make your passwords “strong”. The exact definition of a strong password varies depending on whom you talk to, but the basics remain the same:
- A strong password should be mixture of upper case, lower case, numbers, symbols, and should be at least 8 characters long.
- A strong password should NOT include your name (first or last), or any other often easily-guessable items, such as birthdays, children, or pet names.
- The strongest passwords do not contain any word found in a dictionary and are randomly generated.
Avoid reusing your passwords. This is especially important for websites that require passwords. Some websites aren’t as careful with how they store the passwords for their users and may get compromised. If this happens, then the potential thief has your email address and password for that site, and may start to test that password on other sites, like email, social media, or banking. If you’ve used the same password on some of those sites then the bad guys now have access to your accounts and can do some real damage.Cue the eye-roll. We hear you saying, “How am I supposed to keep track of a unique password for every website I have? On top of that, I should make them all strong and randomly generated? How in the world do you expect me to be able to keep up with all this?” Well, I’m glad you asked. A password management tool such as LastPass, Dashlane, or Encryptr is designed so that you don’t have to remember the logins to every website, and they have a random password generator. You just need to remember the login to the tool, and of course make that one nice and strong! Once you’re logged in there, then you can access your passwords and manage all of your passwords on websites and prevent the ability of an attacker to access other websites if one is breached.Good passwords provide a good first step in securing your data from breach. Without them your data is wide open to an intruder. This could result in loss of reputation, loss of revenue, lawsuits, or even the closing of your business. Protect yourself by implementing a good password policy today.