The increasing number of security incidents is a matter of concern for businesses around the world. Cybercriminals and hackers seem to be a step ahead in finding new ways to launch an attack. This could be something serious like an attempt to hack IP cameras, or a malware attack. More often than not, hackers try to hack passwords, so that they can infect systems with malware, or hold data hostage. Is it possible to prevent password hacking attempts? Cybersecurity experts recommend proactive measures that may go a long way in ensuring enterprise security.
Start by discussing password protection with employees
Employees and managers handle all critical systems, data and networked devices, and they need to be careful and serious about password protection at a personal level. If required, bring in security consultants who can train your team and help them understand the basics of creating and managing passwords. Ensure that employees are both aware of and fully responsible for their actions.
Follow the basic rules:
- The foremost step is to change all default usernames and passwords. This is important for all devices. Any networked device works like a computer and is at risk of being hacked. Make sure that default passwords are changed right after deployment.
- Establish the meaning of strong passwords. A strong password is long, complicated, and hard to remember. It should have special characters, uppercase and lowercase letters, and numbers, and must be at least 10 characters long. It should not contain personal or official information that’s easy to guess.
- Recommend a password manager. Using a password manager is one of the best ways to keep passwords safe and secure. There are many options, including ones that are meant for enterprise use. Ask your employees to stop saving passwords on random devices, in spreadsheets or on paper.
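The strong-password rule above can be enforced when a password is set. The following Python check is an added example, not code from the article: it applies the stated rules (at least 10 characters, all four character classes, no personal or official information). The function name, the violation labels, the look-alike substitution map and the sample values are assumptions made for illustration.

```python
import re
import string

MIN_LENGTH = 10  # minimum length stated in the article

# Assumption: a small look-alike map so "J0hn" is still recognised as "john".
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                            "7": "t", "@": "a", "$": "s", "!": "i"})


def check_password(password, personal_info=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.islower() for c in password):
        problems.append("no_lowercase")
    if not any(c.isupper() for c in password):
        problems.append("no_uppercase")
    if not any(c.isdigit() for c in password):
        problems.append("no_digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no_special")

    # Personal or official information: compare letters after undoing
    # look-alike substitutions, and compare digit runs as typed.
    letters = re.sub(r"[^a-z]", "", password.lower().translate(LOOKALIKES))
    digits = re.sub(r"\D", "", password)
    for item in personal_info:
        word = re.sub(r"[^a-z]", "", item.lower())
        number = re.sub(r"\D", "", item)
        # Very short tokens are skipped to avoid accidental matches.
        if (len(word) >= 3 and word in letters) or (len(number) >= 4 and number in digits):
            problems.append("contains_personal_info")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real user data.
    known = ["John", "Carter", "Acme", "1985"]
    for candidate in ["password", "J0hnC@rter!2024", "rT7#vQ9!mZ2&kL"]:
        print(candidate, check_password(candidate, known))
```

The list of personal and official tokens (names, employer, birth year) has to come from the account's own profile data; the check only catches what it is given.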
Check for added protection
Sometimes, just having a strong password is not enough for certain resources, accounts and users. A good example is privileged accounts. Make sure that your company is using multifactor authentication where necessary. An account lockout feature can be used too, especially for preventing brute-force attacks, and biometrics may be handy for privileged users.
Finally, find a simplified suite for access rights management. You need to be sure that only people who must have access to a networked device or resource have access to it, and all rights must be clear, so that auditing and taking action are easy, if needed at all.