Most of us have dozens of credentials which we use unconsciously – to log into our business network, to check Facebook, payroll, accounting, encrypted email, Dropbox – the list seems endless. But we log in so automatically that we tend to forget what those credentials are protecting. 

Access credentials are a critically important piece of information infrastructure, and in many cases they are one of the ONLY things which separate our critical data from the Internet (and unwanted access by third parties). So let’s play a little game… what would you do with credentials – IF YOU ABSOLUTELY WANTED SOMEONE ELSE TO GAIN ACCESS TO YOUR SENSITIVE INFORMATION?. 

• Use a simple password such as password123

• Use a short password

• Never change your password

• Use a password with your name, a child’s name, your address, or your phone number

• Place your password on a sticky note and tape it to your monitor, or to be really tricky, tape it under your keyboard

• Use the same password for Facebook, your accounting, payroll, or tax accounts…or for that matter use the same password for 30 or 40 different accounts

• Keep your password list in a note on your phone (which is probably not encrypted, nor is it set with a passcode)

You get the point. So let’s start to fix this… 

• Assemble a written list of all your credentials – it will need to go into your safe or other highly secure location between uses

• Mark the credentials which are business critical…these are the ones that if a malicious outsider carefully used them, they could make your life miserable. Think accounting, banking, payroll, taxes, sensitive cloud storage, backups, etc. Make sure that these are changed at least 2-3 times per year, minimum. Make sure that they are changed in the event of any significant staffing change. Keep your list up-to-date.

• Try the habit of using passphrases which are complex, i.e. upper case, lower case, numbers, and special characters, and which are strong (over 8 characters).

• Make sure that you are not using the same credentials for the most critical services. These credentials should vary from each other.

• If you maintain a software list of passwords, either use a highly reputable password management system, or ensure it resides in an encrypted folder. This type of sensitive data should never be stored on mobile devices which are unsecured.

• Use multi-factor authentication with EVERY critical service for which it is available.

Don’t ever forget just what your credentials are protecting, and what a headache it would be for critical data access to become compromised. For assistance with securing your business IT environment, contact us at 405-822-7912.