Cybersecurity Awareness Month: Secure Passwords

Cybersecurity Awareness Month: Secure Passwords

Date: October 15, 2019
Tags: , , , , , ,

As we enter the third week of National Cybersecurity Awareness Month, #BeCyberSmart, let’s discuss another facet of how T-Rex Solutions applies the SECURE component of this year’s campaign theme.

SECURE IT

Passwords. They seem to be everyone’s favorite/most hated security topic (right after phishing!). There are so many rules and they keep changing, so the rules have become just as difficult to remember as the vast array of passwords that are required in our personal and professional lives. We leverage technical controls that prevent our employees from entering a password that does not conform with industry best practices, such as those published by the National Institute of Standards and Technology (NIST). Again, we focus on leveraging technology to help our employees to the max extent possible!

A few key axioms to keep in mind:

  • Don’t reuse passwords. An original password that follows NIST best practices should be used for each account you need to access.
  • Even with the technical controls T-Rex has established, only our employees can avoid reusing personal passwords in the workplace.
  • Don’t write them down (not easy when I follow item #1!). When able, take advantage of password managers.
  • At T-Rex, the IT and Security Team recommends a password manager for employees who are interested, and the Team ensures they understand how to use them in accordance with our acceptable use policy.
  • Don’t tell others or let them see you enter your password. If you ever suspect someone has learned your password, change it immediately.
  • T-Rex follows the best practice of not allowing our IT and Security Team to ask for passwords. We promote this fact to our employees, too, so they do not reveal their password under any circumstance and understand the need to notify their supervisor if it does occur.

If you’ve been following this series of posts, you know the next component of this discussion is the applicability of these ideas away from the work environment. Our employees are encouraged to follow these same cyber hygiene habits at home. Most importantly, our employees understand that reuse of passwords between the office and home is not authorized and only they can ensure compliance with that requirement.

For more information on these topics, check out:

https://staysafeonline.org/stay-safe-online/securing-key-accounts-devices/passwords-securing-accounts/

Other articles in our Cybersecurity Awareness Month Series:
Intro to Cybersecurity Awareness Month
Cybersecurity Awareness Month Series: Secure IT
Cybersecurity Awareness Month Series: Protect IT
Cybersecurity Awareness Series Finale


recently posted
More than Modernization: Digital Transformation Empowered by Agile Learning Culture

More than Modernization: Digital Transformation Empowered by Agile Learning Culture

Today’s avalanche of technology-driven change has made digital transformation imperative for Federal and civilian enterprises. At the heart of this transformation lies Agile Development, a methodology offering dynamic software development and delivery, which has emerged as the gold-standard for tech […]

Zero Trust Lift: Network Visibility and Analytics Maturity using Zeek

Zero Trust Lift: Network Visibility and Analytics Maturity using Zeek

Zeek is a proven open-source network visibility and analytics tool that you can leverage to increase your agency’s Network Visibility and Analytics Capability maturity under CISA’s Zero Trust Maturity Model Version 2. Zeek (https://zeek.org, formerly named Bro) is a network […]

T-Rex is Hiring at Hill Air Force Base

T-Rex is Hiring at Hill Air Force Base

Since 2016, T-Rex has been supporting large scale hybrid-cloud migrations and systems modernization, to include the successful deployment of the first-ever online U.S. Census in 2020. We are excited about expanding our IT Modernization services within the National Security market, […]

Secure by Design and Zero Trust: Integrating Supply Chain Risk Management with DevSecOps

Secure by Design and Zero Trust: Integrating Supply Chain Risk Management with DevSecOps

Agencies are seeking innovative ways to mature their Zero Trust posture. In this article, we have focused on improvements to your DevSecOps to increase maturity in two pillars: 1) Devices and Applications and 2) Workloads.