If there is one thing that has remained a constant in the battle against data breaches, it is the importance of adhering to a well-rounded password policy outlined by a company’s network administrator and supported by management.
If a data breach should occur, poor passwords such as “1234” or “password” are no match for hackers. Any organization that wants to avoid a data breach should create and strictly adhere to a comprehensive password plan.
A good password plan requires some effort on the part of both the systems administrator and individual staff members. An effective systems administrator will make use of tools that lock someone out after a few failed login attempts, require new passwords to be selected every 30-90 days, and require staff members to use new passwords rather than simply reusing old ones.
They also may be able to control the content of passwords by requiring the inclusion of numbers, symbols and both upper and lower case characters when passwords are created.
Staff members should be told not to use personal information such as their date of birth, addresses, or SSN for passwords. In addition, staff members should be instructed to always log out of applications after use, or to employ a password-protected screensaver when they leave their desk, in order to discourage others from gaining access under their login.
Terminations – Voluntary and Involuntary
Many organizations allow their employees to log in to corporate applications from home or from their own smart devices. When employees leave a company, it is imperative that the former employee has zero ability to gain access to corporate systems. Employers must keep a comprehensive, up-to-date list of every application an employee has access to and all devices from which they access corporate systems. If the employee is fired, all passwords must be changed, and access cards and hardware equipment must be accounted for, along with keys to buildings and offices.
In the case of voluntary terminations, some employers will ask their former employee to vacate the premises immediately. In other cases, an employer will allow the employee to fulfill what is typically two weeks' notice. Regardless, employers need to have a systems access policy already in place in order to smoothly transition the employee to former staff member status.