Did you know that most confirmed data breaches involve the leveraging of weak, stolen, or default passwords?
One of your practice’s frontline defenses against phishing attacks and other cybercriminal schemes is effective password management. How well are you managing yours? Take this quiz from Michael J. Sacopulos, JD, founder and CEO of the Medical Risk Institute, to find out.
1. Strong passwords are too complicated to remember. It’s fine to use passwords that are short and easy.
True or False?
Answer: False
Easy passwords are easy to crack. Popular passwords in the United States continue to be “password” and “12345.” These weak passwords offer little security and are simply dangerous. Instruct your team to create strong passwords that contain a mix of letters, cases, and symbols. If you’re concerned about not remembering passwords, use a password-management program, which saves passwords securely and provides access to them on any device.
Another option is to use a passphrase, using a combination of letters and symbols. For example, “Fido” is an insecure password and easy to guess if it’s your pet’s name. But “My1$tPetWasFid0” follows strong password guidelines and is more secure.
2. Putting a sticky note on your computer or desk as a reminder of your password:
A. Is a really bad idea.
B. Is essential to getting any work done if you are over 40.
C. Is a nice way to help new employees get to know you.
Answer: A
Do you have any staff desks with multiple colored sticky notes containing passwords in plain sight? This is not good cyber hygiene. Conduct a walk-around of the office and remove all sticky notes and other evidence of passwords. Do it today; we’ll all sleep better tonight.
3. Sharing passwords is ok because:
A. Sharing is caring.
B. If you forget the password, your coworker can remind you.
C. It’s never ok to share passwords.
Answer: C
When it comes to data security, sharing is never ok. The bottom line is to treat passwords like underwear … don’t share them and change them often. Anyone caught sharing passwords should be disciplined.
4. When should a practice disable the passwords of employees who leave?
A. By the end of the week after the employee is gone.
B. When my kid is home from college; he handles stuff like that in our computer system.
C. Immediately after you have terminated the employee, or the employee has left the premises on good terms.
D. We’re supposed to disable passwords?
Answer: C
Staff turnover is a given. So have a plan for terminating user IDs and passwords in all systems immediately after the employee leaves. Often, this step is delayed or forgotten, leaving passwords active for potential access. Put credential disabling at the top of your employee-departure checklist.
5. If you aren’t using a password manager, the best way to remember a complicated strong password is to use the same one for multiple accounts.
True or False?
Answer: False
Humans are creatures of habit. According to one survey, 59% of us “mostly” or “always” use the same password for everything. And only 55% said they would change their password if their account was hacked.
Make sure you and your team are not part of the 55%. Insist on strong passwords. Store them in a password manager. And don’t use the same password for every account.