How To Go Beyond Password Management To Protect Data
Effective password management is critical to keep your organization's data and information safe.
Articles published March 16, 2017 by Mike Wallen
Recently, we wrote about several tips for an effective password policy, which included:
- Password best practices.
  - Minimum length of eight characters (ten or more is recommended).
  - Include at least one number and one special character, but do not require overly complex composition rules.
  - Disallow user-related information in passwords and check them against a common password dictionary (ban list) to ensure obscurity.
  - Do not allow password hints, and use Two-Factor Authentication (2FA) if you offer Forgot Password functionality.
  - Ensure any stored passwords are strongly salted and hashed.
- Making a unique passphrase.
- Setting specific policies.
- Using Two-Factor Authentication.
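The password rules and the salted-hash storage requirement from the list above, sketched in Python as an added example that is not from the original article. The function names and ban-list entries are constructed for illustration, and scrypt is an assumed choice, since the article does not name a hashing algorithm.

```python
import hashlib
import hmac
import os

# Constructed sample ban list; a real deployment would load a large common-password list.
BANNED = {"password1!", "qwerty123!", "letmein2017!"}

def policy_violations(password, user_info=(), banned=BANNED):
    """Return the list of broken rules; an empty list means the password is accepted."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if all(c.isalnum() for c in password):
        problems.append("no special character")
    if lowered in banned:
        problems.append("on the ban list")
    # User-related information: username, first name, e-mail local part, and so on.
    if any(len(item) >= 3 and item.lower() in lowered for item in user_info):
        problems.append("contains user-related information")
    return problems

def hash_password(password, salt=None):
    """Hash with scrypt and a random 16-byte salt per password; store both values."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute the hash with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)
```

Because each password gets its own random salt, two users with the same password end up with different stored hashes.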
While it is extremely important to have an effective password policy in place for all employees, this shouldn’t be your only defense. It’s best if a strong password is only the first layer of your organization’s security, not the only one. That way, even if one employee makes a password mistake, your organization is still protected. Here are some additional protections beyond the password that your organization can implement.
Mobile Device Management
In addition to what we covered in our previous post, another important place to protect when it comes to passwords and your organization’s security is your employees’ mobile devices. At a basic level, the goal of mobile device management is to protect the data on employee devices. This reduces the risk of a mobile device being compromised, and can also help secure your data in the rare instance it does become compromised. Most mobile device management systems allow you to manage the users’ devices, establish a user policy, and wipe or reset the device in certain cases.
Today, more and more organizations are adopting a Bring Your Own Device (BYOD) mentality, where the employee uses their own tablets, smartphones, and laptops. While this can save the organization money, it also comes with its own set of challenges. One big issue surrounding BYOD – and personal technology as a whole – has to do with privacy and security. Whether it’s through apps, training, or just well-worded policies, you need to ensure that your employees aren’t sharing confidential information about your business or your customers. Likewise, you should have a plan in place that preserves employee privacy and doesn’t leave your company liable to charges that you’re using technology intrusively. This goes hand-in-hand with mobile device management, and can benefit your organization in the long run (especially if an issue ever does occur).
Data Loss Prevention
Another layer of protection can be added with a data loss prevention strategy. A data loss prevention strategy should include prohibiting employees from sharing, uploading, or emailing confidential or personal information without taking the necessary security precautions. Certain applications can help enforce these measures.
In addition, having specific locations for storing sensitive data can help ensure your data is protected where it's supposed to be.
Previously, we talked briefly about Two-Factor Authentication, but it’s helpful to know specific ways that organizations implement another layer of authentication. Here are some common ones:
- Receiving a text message, phone call, or email with an access code.
- Having to type in the associated phone number or email.
- Answering security questions.
- Choosing the correct image.
- Typing in a phrase from an image.
All of these features can be instrumental in ensuring peace of mind when it comes to securing your organization’s data. While an effective password policy is a necessary thing, there should be more to it than just basic password restrictions. Consider if your organization could benefit from mobile device management, data loss prevention, or multi-factor authentication.
What protection and processes does your organization currently have in place?