As we enter the third week of National Cybersecurity Awareness Month, #BeCyberSmart, let’s discuss another facet of how T-Rex Solutions applies the SECURE component of this year’s campaign theme.
Passwords. They seem to be everyone’s favorite/most hated security topic (right after phishing!). There are so many rules and they keep changing, so the rules have become just as difficult to remember as the vast array of passwords that are required in our personal and professional lives. We leverage technical controls that prevent our employees from entering a password that does not conform with industry best practices, such as those published by the National Institute of Standards and Technology (NIST). Again, we focus on leveraging technology to help our employees to the max extent possible!
A few key axioms to keep in mind:
- Don’t reuse passwords. An original password that follows NIST best practices should be used for each account you need to access.
- Even with the technical controls T-Rex has established, only our employees can avoid reusing personal passwords in the workplace.
- Don’t write them down (not easy when I follow item #1!). When able, take advantage of password managers.
- At T-Rex, the IT and Security Team recommends a password manager for employees who are interested, and the Team ensures they understand how to use them in accordance with our acceptable use policy.
- Don’t tell others or let them see you enter your password. If you ever suspect someone has learned your password, change it immediately.
- T-Rex follows the best practice of not allowing our IT and Security Team to ask for passwords. We promote this fact to our employees, too, so they do not reveal their password under any circumstance and understand the need to notify their supervisor if it does occur.
If you’ve been following this series of posts, you know the next component of this discussion is the applicability of these ideas away from the work environment. Our employees are encouraged to follow these same cyber hygiene habits at home. Most importantly, our employees understand that reuse of passwords between the office and home is not authorized and only they can ensure compliance with that requirement.
For more information on these topics, check out:
Other articles in our Cybersecurity Awareness Month Series:
Intro to Cybersecurity Awareness Month
Cybersecurity Awareness Month Series: Secure IT
Cybersecurity Awareness Month Series: Protect IT
Cybersecurity Awareness Series Finale