When your online identity is tied to a username and a single password, the safety of your sensitive information depends on how secure your network is and on the passwords your employees use. With network hacks occurring at major companies, good Internet of Things security policies and good information security policies go a long way toward keeping your company’s and your employees’ personal information safe.
Look at the Target and Sony hacks in recent news as warnings of potential security threats. Good enterprise security begins with employees. People must practice good device security and information security habits when using their personal devices (PCs, tablets, and smartphones). This begins with securing devices when they are not in use: putting a password on them and locking them. However, the most effective practice for enterprise security is to ensure that people use secure passwords and change them regularly.
A good password policy is difficult to implement and enforce. You need people to understand why a secure password matters and why they need to change it regularly. Most people have one or two passwords for most of their online activity: one for everyday sites and likely another, longer one for more sensitive websites such as financial institutions. It’s even scarier to think that some people have only one password that they use for all of their websites. While this may be easy to remember, anyone who obtains that single login gains access to almost all of your shopping, finance, and personal information. Thus, enforcing a strong password policy and teaching people about password lockers are two key ways to turn your employees into better IoT security enforcers and make them the first line of enterprise security in your organization’s fight for information security.
A password locker is a program that generates strong passwords and stores them in a locked file (locally or in the cloud). Some popular solutions include LastPass, Password Genie, and KeePass. These services help you generate secure passwords that follow the special-character and password rules each site requires, and all you have to remember is one very strong, long password. You enter that single password once, and the password locker then gives you access to all of the website passwords you have stored. Some even autofill the login form when you visit a site with a stored login.
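As an added illustration (not code from any of the products named above), the following Python sketch shows how a locker can generate a password that follows the rules a site requires. The `SiteRules` class, its fields and its default values are hypothetical and constructed for this example; it assumes typical rules, where only a few characters of each class are required.

```python
import secrets
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class SiteRules:
    """Hypothetical per-site password rules (constructed for this example)."""
    min_length: int = 20
    specials: str = "!@#$%^&*"  # special characters this site accepts
    min_lower: int = 1
    min_upper: int = 1
    min_digits: int = 1
    min_specials: int = 1

def _classes(rules):
    # (characters in the class, how many the site requires)
    return [(string.ascii_lowercase, rules.min_lower),
            (string.ascii_uppercase, rules.min_upper),
            (string.digits, rules.min_digits),
            (rules.specials, rules.min_specials)]

def satisfies(password, rules):
    """True if the password meets the site's length, alphabet and class rules."""
    allowed = set("".join(chars for chars, _ in _classes(rules)))
    if len(password) < rules.min_length or not set(password) <= allowed:
        return False
    return all(sum(c in chars for c in password) >= need
               for chars, need in _classes(rules))

def generate(rules):
    """Draw every character from a CSPRNG and retry until all rules hold.
    Rejection sampling keeps the choice uniform over the valid passwords."""
    if sum(need for _, need in _classes(rules)) > rules.min_length:
        raise ValueError("rules require more characters than the length allows")
    if any(need > 0 and not chars for chars, need in _classes(rules)):
        raise ValueError("a required character class is empty")
    alphabet = "".join(chars for chars, _ in _classes(rules))
    while True:
        candidate = "".join(secrets.choice(alphabet)
                            for _ in range(rules.min_length))
        if satisfies(candidate, rules):
            return candidate

if __name__ == "__main__":
    print(generate(SiteRules()))
```

The `secrets` module draws from the operating system's cryptographic random source; the general-purpose `random` module is predictable and should not be used for passwords.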
The advantage of password lockers is that they are browser agnostic (they work on IE, Firefox, and Chrome) and that they work across devices (on your computer and your mobile devices), which is key to adoption. The last thing an organization can do for password security is to enforce a good password storage and change policy. With a password locker, you can get your employees to change their passwords with less resistance, and the information will likely be more secure, because people who use a password locker do not need to write their new passwords down on pieces of paper or post-it notes.
On the path to enforcing a good password policy, enterprise organizations must take control of their network security by enforcing password update frequency and strength criteria. The only way organizations can take control is to use SSO and LDAP solutions to enforce password change policies. When you work with vendors, it’s key that they integrate with your secure network and password policy. Have a conversation with your vendors today about SSO and LDAP solutions, so that they become part of your efforts to keep your IT infrastructure secure.