Cyber Onboarding Tip: Follow Strong Password Practices

By Kara Klein, Associate Director of Marketing and Media Relations, Security Industry Association on October 11, 2018 |
cybersecurity best practices

In the spirit of National Cybersecurity Awareness Month, the Security Industry Association (SIA) is sharing tips for how you can onboard new employees in a safe and secure way. Our Cyber Onboarding Guide for Employees helps employers and staff reduce cyber vulnerabilities at their organizations, protecting their business and assets.

The most common vector for a cybersecurity breach is an unsecure password, and for good reason: password maintenance is cumbersome and often gets ignored. Since passwords make up a well-known attack surface, however, there are many useful tools and tips to help with password security.

To protect your business, make sure to educate new staff about how they can keep their accounts secure. Here are the SIA Cybersecurity Working Group’s tips for strong password practices:

  • Set strong, unique passwords. A passphrase is better than a password. Instead of using “Cuddles722” because your cat’s name is Cuddles and you got him on July 22, try “CuddlesGetsBirthdayCakeonJuly22!” It’s longer but just as easy to remember and much more secure.
  • Set a unique password for every account, especially for your email and social media accounts, since those platforms connect you to other accounts. Avoid using the same password on multiple accounts.
  • Keep passwords to yourself; do not share them with colleagues, vendors or other partners unless absolutely necessary. When setting up a new device or account, reset the default password to something new. And if you’re inheriting login credentials from a former employee at the organization, reset the credentials to something new.
  • Store your passwords safely. Use a password manager along with a strong “master password,” preferably with strong authentication (e.g., biometrics, mobile key confirmation), for all cloud-based business resources. This is much more convenient than writing passwords down. If you choose to keep your passwords written down or stored in another electronic manner, make sure they’re safe. Avoid storing passwords in a document labeled “Passwords,” for example, and if you write them down, ensure they’re stored in a secure location away from your computer.

Want more cybersecurity tips to share with new staff? Check out the full Cyber Onboarding Guide.