A Password is like a Toothbrush

When was the last time you thought about the password policy for your business?
 
This might seem like a small thing, but it’s one of your first lines of defense against outside attacks. When we audit businesses, we typically find multiple staff members whose passwords are set to never expire and whose accounts have the lockout setting disabled.

Now imagine it’s Sunday morning and you’re home enjoying a day off because your business isn’t open. Though you may not be working, a hacker on the other side of the world is using a simple program to try to guess your password. Since your account lockout feature is disabled, they can use what’s called a brute force attack and just keep trying passwords until they get the right one.

Cracking the password can take anywhere from a day to a year, but eventually they will get it because the password never gets changed. And once you’re hacked, criminals have access to your entire network and customer information database.

The best thing you can do is set a company password policy that requires a new password every 3 months and requires passwords of more than 13 characters. While that may seem like a pain and you’ll get complaints from people in the organization, it’s much better than finding out your system was hacked and losing hundreds of thousands of dollars, your reputation and potentially your entire business.