THE POWER OF PASSWORDS
Your favourite pet, name of your first-born child, or simply 12345. We’re constantly in the position where we have to choose yet another password, and it can seem easier just to reuse an old favourite than come up with something you’re likely to forget. Let’s look at why that’s not a great idea.
NATIONAL CHANGE YOUR PASSWORDS DAY
In the Netherlands, November 24th will mark Nationale Verander Je Wachtwoorden Dag (National change your password day). You might think: why do you need a national day to remember to change your password? Well, it’s estimated that approximately 24 billion passwords were exposed in data breaches in 2022, and that one million passwords are stolen weekly, so changing your passwords frequently is a crucial line of defence in cyber security.
This initiative was established by the technology website Tweakers and is supported by organizations such as the Openbaar Ministerie (Dutch Public Prosecution Service) and Veilig Internetten. Its primary goal is to raise awareness about cyber security and encourage individuals and businesses to strengthen their online security by updating their passwords regularly.
The campaign emphasizes the dangers of using weak or repetitive passwords and offers practical advice for creating strong, unique ones.
As an individual, this is sound advice to protect your personal data, but as a business it could be the deciding factor between a secure work environment and a data breach with catastrophic results. Not only can data breaches put a business’s customers at risk, but they can also lead to hefty fines of up to €20 million for GDPR non-compliance.
ISO 27001
Whilst not mandatory, many businesses that work with sensitive data, RIFF among them, are now choosing to apply for ISO certification, in particular ISO 27001.
This is an internationally recognized standard for Information Security Management Systems (ISMS). It provides a structured framework for managing sensitive information securely, ensuring its confidentiality, integrity, and availability. Achieving ISO 27001 certification demonstrates an organization’s commitment to high standards of information security, improving trust with stakeholders and ensuring compliance with legal and regulatory requirements, such as GDPR in Europe.
Changing passwords frequently and storing them appropriately are key components of ISO 27001; one of its core principles is ensuring that information is accessible only to authorized individuals.
Best practice
Many programs will now prompt you on how to create a strong password or even offer a randomized password instead of inputting one manually. But if that option isn’t available, here are some actionable tips for creating the most secure passwords:
- Make It Long
Aim for a password with at least 12-16 characters. Longer passwords are exponentially harder to crack through brute-force attacks.
- Use a Mix of Characters
Combine uppercase and lowercase letters, numbers, and special symbols (e.g., @, #, !). This increases the complexity and reduces predictability.
- Avoid Predictable Choices
Never use easily guessable information like birthdays, names, or dictionary words. Hackers often try common combinations first.
- Create a Passphrase
Use a memorable but unique phrase, incorporating unrelated words and symbols. For example: Sun@Rocket$River!
- Use Unique Passwords for Every Account
Avoid reusing passwords across accounts. A breach in one account could give hackers access to others.
- Incorporate Randomness
Use a password generator for completely random passwords. These are harder to crack than patterns created by humans.
- Regularly Update Passwords
Change passwords periodically or whenever there’s a suspicion of compromise.
- Store Passwords Securely
Use a password manager, such as KeePass, to generate and store complex passwords safely. Avoid writing them down or saving them in plain text.
- Enable Multi-Factor Authentication (MFA)
Supplement passwords with an additional layer of security, like a one-time code or biometric verification.
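The list above is the kind of policy an onboarding form or password-change dialog enforces. As an added example (not code from the page or from RIFF), the checker below applies the length, character-mix and common-password rules and also estimates how large the brute-force search space is, which is what "exponentially harder to crack" means in practice. The common-password set is a constructed stand-in for a real breach list, and the guess rate of 10 billion guesses per second is an assumed figure chosen only to make the comparison concrete; the sample passwords "12345" and "Sun@Rocket$River!" are the ones the article itself mentions.

```python
import math
import re

# Constructed stand-in for a breached/common-password list (assumption: a real
# deployment would check against a large corpus of leaked passwords instead).
COMMON_PASSWORDS = {"123456", "12345", "password", "qwerty", "letmein", "welcome"}

# Character classes and the size of the pool each one adds to the search space.
CHARACTER_CLASSES = {
    "lowercase": (re.compile(r"[a-z]"), 26),
    "uppercase": (re.compile(r"[A-Z]"), 26),
    "digits": (re.compile(r"[0-9]"), 10),
    "symbols": (re.compile(r"[^A-Za-z0-9]"), 33),  # printable ASCII punctuation
}


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return [name for name, (rx, _) in CHARACTER_CLASSES.items() if rx.search(password)]


def search_space(password):
    """Number of candidates a brute-force attacker must try: pool ** length."""
    used = classes_used(password)
    pool = sum(size for name, (_, size) in CHARACTER_CLASSES.items() if name in used)
    return pool ** len(password) if pool else 0


def entropy_bits(password):
    """log2 of the search space: every extra character adds log2(pool) bits."""
    space = search_space(password)
    return math.log2(space) if space else 0.0


def years_to_exhaust(password, guesses_per_second=1e10):
    """Time to try every candidate at an assumed, purely illustrative guess rate."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)


def check_password(password, min_length=12, min_classes=3):
    """Apply the policy from the list above and report every rule that fails."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(classes_used(password)) < min_classes:
        problems.append(f"uses fewer than {min_classes} character classes")
    return {
        "ok": not problems,
        "length": len(password),
        "classes": classes_used(password),
        "entropy_bits": round(entropy_bits(password), 1),
        "problems": problems,
    }


if __name__ == "__main__":
    # "12345" and the passphrase are the examples the article itself uses.
    for candidate in ["12345", "Sunflower", "Sun@Rocket$River!"]:
        print(candidate, check_password(candidate))
    # What the "make it long" rule buys: 8 versus 16 lowercase letters.
    print(years_to_exhaust("a" * 8), years_to_exhaust("a" * 16))
```

Doubling the length from 8 to 16 lowercase letters multiplies the search space by 26 to the power of 8, not by two; that is the exponential effect the list refers to. The checker deliberately reports every failing rule rather than stopping at the first one, so a user changing a password sees the whole policy at once.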
IT Defences
At RIFF, we understand the importance of maintaining and enforcing the highest cyber security standards, including ISO certification, as a company and as a service provider to our clients.
To ensure that our employees are also aware of this importance and are compliant with these security needs, we have numerous measures in place besides the standard advice around safe password usage.
GDPR Training
All our employees undertake mandatory GDPR and privacy training during their onboarding, followed by refresher sessions every 6 months. These sessions are curated by our Quality and ISO coordinators to ensure they are up to date with the latest standards. We teach our employees how to identify and avoid unsafe practices and security threats, such as phishing scams.
Risk Assessment Audits
We conduct annual audits to confirm we are upholding the ISO requirements, and to find and evaluate any areas for improvement in our processes and data management.
Password storage
Not only do we employ password management tools to safely store all our employees’ necessary logins, but we also take extra precautions regarding shared logins, and we push mandatory prompts to change account passwords on a regular basis.
Accessibility
Where possible, we limit access to specific data to only those who need it. For example, within our company Teams environment, private channels can be created to share sensitive information between managers. Many tools also allow restrictions on individual accounts, ensuring that only the required employees can make changes or access certain data within the tooling.
Clean Desk Policy
We implement a clean desk policy that teaches our employees to never leave sensitive information in plain view on their desks, or leave their computers unlocked and accessible when they step away.
When working from home, we also have guidelines such as working only from a secured network (no open Wi-Fi networks) and locking screens, even around family members.
Nationale Verander Je Wachtwoorden Dag is a valuable reminder to prioritize digital security. By updating passwords, using strong and unique combinations, and implementing tools like password managers, individuals and businesses can reduce cyber risks. Let’s use this day to strengthen our digital defences and promote safer online practices.