Cybersecurity Awareness Month: Secure Passwords

Cybersecurity Awareness Month: Secure Passwords

Date: October 15, 2019
Tags: , , , , , ,

As we enter the third week of National Cybersecurity Awareness Month, #BeCyberSmart, let’s discuss another facet of how T-Rex Solutions applies the SECURE component of this year’s campaign theme.

SECURE IT

Passwords. They seem to be everyone’s favorite/most hated security topic (right after phishing!). There are so many rules and they keep changing, so the rules have become just as difficult to remember as the vast array of passwords that are required in our personal and professional lives. We leverage technical controls that prevent our employees from entering a password that does not conform with industry best practices, such as those published by the National Institute of Standards and Technology (NIST). Again, we focus on leveraging technology to help our employees to the max extent possible!

A few key axioms to keep in mind:

  • Don’t reuse passwords. An original password that follows NIST best practices should be used for each account you need to access.
  • Even with the technical controls T-Rex has established, only our employees can avoid reusing personal passwords in the workplace.
  • Don’t write them down (not easy when I follow item #1!). When able, take advantage of password managers.
  • At T-Rex, the IT and Security Team recommends a password manager for employees who are interested, and the Team ensures they understand how to use them in accordance with our acceptable use policy.
  • Don’t tell others or let them see you enter your password. If you ever suspect someone has learned your password, change it immediately.
  • T-Rex follows the best practice of not allowing our IT and Security Team to ask for passwords. We promote this fact to our employees, too, so they do not reveal their password under any circumstance and understand the need to notify their supervisor if it does occur.

If you’ve been following this series of posts, you know the next component of this discussion is the applicability of these ideas away from the work environment. Our employees are encouraged to follow these same cyber hygiene habits at home. Most importantly, our employees understand that reuse of passwords between the office and home is not authorized and only they can ensure compliance with that requirement.

For more information on these topics, check out:

https://staysafeonline.org/stay-safe-online/securing-key-accounts-devices/passwords-securing-accounts/

Other articles in our Cybersecurity Awareness Month Series:
Intro to Cybersecurity Awareness Month
Cybersecurity Awareness Month Series: Secure IT
Cybersecurity Awareness Month Series: Protect IT
Cybersecurity Awareness Series Finale


recently posted
Protecting Government Apps and Workloads from Zero-Day Cyber Threats

Protecting Government Apps and Workloads from Zero-Day Cyber Threats

In April 2023, CISA released Zero Trust Maturity Model Version 2, which added a fourth security maturity level and reaffirmed application and workload cyber requirements. In this article we consider Application Threat Protections security levels within the Applications and Workloads […]

Dr. Allen Harper on How T-Rex Helps Federal Agencies Meet the Zero Trust Challenge

Dr. Allen Harper on How T-Rex Helps Federal Agencies Meet the Zero Trust Challenge

The White House Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” calls for Federal agencies to adopt and implement zero trust architecture. In a recent interview with Washington Exec, T-Rex’s Executive Vice President of Cybersecurity Dr. Allen Harper discusses the […]

Enhancing a Security Hardening Validation Script through Sourcery AI

Enhancing a Security Hardening Validation Script through Sourcery AI

This blog post covers Sourcery’s integration with Visual Studio Code and Python, two standard tools included in security professionals’ development stacks. Sourcery is available at https://sourcery.ai and the Microsoft Visual Studio Code Extensions tab. To demonstrate Sourcery’s capabilities, we will […]

Exceed Cloud Migration Expectations with T-Rex and AWS

Exceed Cloud Migration Expectations with T-Rex and AWS

T-Rex continues to implement large scale cloud transitions with Amazon Web Services (AWS). Learn about the winning T-Rex/AWS collaboration on the 2020 Census: