How To Go Beyond Password Management To Protect Data

Effective password management is critical to keep your organization’s data and information safe. Recently, we wrote about several tips for an effective password policy, which included:

- Password best practices.
  - Minimum length of eight characters (ten or more is recommended).
  - Include at least one number and special character, but do not require overly complex composition rules.
  - Prevent user-related information and use a common password dictionary (ban list) to ensure obscurity.
  - Do not allow for password hints and use Two-Factor Authentication (2FA) if allowing a Forgot Password functionality.
  - Ensure any stored passwords are strongly salted and hashed.
- Making a unique passphrase.
- Setting specific policies.
- Using Two-Factor Authentication.

While it is extremely important to have an effective password policy in place for all employees, this shouldn’t be your only defense. It’s best if a strong password is only the first layer of your organization’s security, not the only one. That way, even if one employee makes a password mistake, your organization is still protected. Here are some additional ways beyond the password that your organization can implement.

Mobile Device Management

In addition to what we covered in our previous post, another important place to protect when it comes to passwords and your organization’s security is your employees’ mobile devices. At a basic level, the goal of mobile device management is to protect the data on employee devices. This reduces the risk of a mobile device being compromised, and can also help secure your data in the rare instance it does become compromised. Most mobile device management systems allow you to manage the users’ devices, establish a user policy, and wipe or reset the device in certain cases.

Today, more and more organizations are adopting a Bring Your Own Device (BYOD) mentality, where the employee uses their own tablets, smartphones, and laptops. While this can save the organization money, it also comes with its own set of challenges. One big issue surrounding BYOD – and personal technology as a whole – has to do with privacy and security. Whether it’s through apps, training, or just well-worded policies, you need to ensure that your employees aren’t sharing confidential information about your business or your customers. Likewise, you should have a plan in place that preserves employee privacy and doesn’t leave your company liable to charges that you’re using technology intrusively. This goes hand-in-hand with mobile device management, and can benefit your organization in the long run (especially if an issue ever does occur).

Data Loss Prevention

Another layer of protection can be added with a data loss prevention strategy. A data loss prevention strategy should include prohibiting employees from sharing, uploading, or emailing confidential or personal information without taking the necessary security precautions. Certain applications can help enforce these measures. In addition, having specific locations for storing sensitive data can help ensure your data is protected where it's supposed to be.

Multi-Factor Authentication

Previously, we talked briefly about Two-Factor Authentication, but it’s helpful to know specific ways that organizations implement another layer of authentication. Here are some common ones:

- Receiving a text message, phone call, or email with an access code.
- Having to type in the associated phone number or email.
- Answering security questions.
- Choosing the correct image.
- Typing in a phrase from an image.

All of these features can be instrumental in ensuring peace of mind when it comes to securing your organization’s data. While an effective password policy is a necessary thing, there should be more to it than just basic password restrictions. Consider if your organization could benefit from mobile device management, data loss prevention, or multi-factor authentication.
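
The password best practices listed at the start of this post, sketched as an added Python example (not code from the original post or from Aureon): it checks a candidate password against the length, composition, ban-list and user-information rules, then stores it salted and hashed. The function names, the small constructed ban list and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions; the post names no algorithm.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8  # the post's minimum; it recommends ten or more
ITERATIONS = 600_000  # assumption: PBKDF2-HMAC-SHA256 work factor, not from the post
# Constructed sample ban list; a real deployment loads a large common-password dictionary.
BANNED = {"password1!", "qwerty123!", "letmein2024!", "welcome1!"}


def policy_violations(password, user_info=()):
    """Return the list of policy rules the candidate password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if lowered in BANNED:
        problems.append("on ban list")
    # Reject user-related values (login name, e-mail local part, ...) of 3+ characters.
    if any(len(v) >= 3 and v.lower() in lowered for v in user_info):
        problems.append("contains user information")
    return problems


def hash_password(password, salt=None):
    """Salt and hash for storage; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


if __name__ == "__main__":
    for candidate in ("Password1!", "jdoe#2024x", "tide-pool 7 lanterns"):
        print(candidate, "->", policy_violations(candidate, ["jdoe"]) or "ok")
```

Only the salt and digest are stored, never the password itself; because each password gets its own random salt, two users with the same password end up with different stored values.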

What protection and processes does your organization currently have in place?

Mike Wallen

Mike Wallen is a Business Solutions Manager at Aureon Technology. Mike is enthusiastic and passionate about helping small to medium-sized businesses eliminate the hassle, waste, and headaches of all things technology in their business to create a worry-free environment. Mike has 15+ years of experience in IT, with a focus on healthcare, law firms, nonprofits/charity, and general small to medium-sized business. He believes in listening to his clients' needs first, then aligning those business needs with business processes and technology solutions. Mike considers himself a true business efficiency and technology architect.

Aureon Technology provides end to end IT and communications solutions and has locations throughout the Midwest including Des Moines, Omaha, and Kansas City. Aureon strives to take care of your technology and back office needs so you can focus on what you do best.