Blog | Tech Help Direct

Important cybersecurity awareness tips for you and your organisation

Written by Tech Help Direct | 24/02/2023 2:30:42 AM

Employee password protection awareness is an essential aspect of cybersecurity for any organisation. Strong passwords (including multi-factor authentication) are critical to securing sensitive company data, and employees must be trained to create, organise and protect their passwords.

 

 

1. Creating and managing passwords

One of the most critical aspects of password protection is to create strong passwords and multi-factor authentication where possible.

  • A strong password should be at least 12 characters long and contain a mix of upper and lowercase letters, numbers, and symbols.
  • Employees should be encouraged to avoid using common words, phrases, or personal information in their passwords, as these can be easily guessed or hacked.
  • Another critical aspect of password protection is to avoid using the same password for multiple accounts.
  • Reusing passwords across different platforms can put an employee's accounts at risk if one is compromised.
  • Employees should be encouraged to use a unique password for each account and implement a tried and tested password management tool like 1Password to help keep track of all of their login information.

 

2. Using 1Password as a password management tool

We use 1Password internally after trialling many competitors, so we know it works well!

1Password is a password manager application that helps users securely store and manage their passwords and other sensitive information. The application works by encrypting user data with a master password and storing it in a digital "vault." which offers features like automatic browser login filling, password generation, and security auditing to help users stay secure online.

  • To use 1Password, users create a master password to encrypt their data. Once the master password is set up, users can add their passwords, credit card details, secure notes, and other sensitive information to the vault.
  • When a user visits a website or application that requires a password, 1Password can automatically fill in their login details. This saves users time and effort and ensures they use strong, unique passwords for each account.
  • 1Password also has a password generator feature, which can create random, complex user passwords. This helps to ensure that users are not using weak or easily guessed passwords for their accounts.
  • The application is available on multiple platforms, including desktop and mobile devices, and syncs data across devices. This allows users to access their passwords and other sensitive information from anywhere and ensures that their data is always up-to-date.
  • 1Password also has a built-in security audit feature, which can analyze a user's passwords and alert them if any of their passwords are weak, reused, or compromised in a data breach. This helps users to stay informed about potential security threats and take action to protect their accounts.

 

3. Staff education and awareness

Employees should be educated on how to keep their passwords safe.

  • This means never sharing passwords with anyone, including coworkers or IT staff.
  • Passwords should never be written down and left in plain sight or stored in an unencrypted file on a computer or mobile device (like Notes or a Word document), especially naming the password file "PASSWORDS"! Yes, this is very common. Crazy, right?!
  • Employees should be instructed to log out of their accounts when they are finished using them and never leave their devices unattended while logged in.
  • While it may be tempting to keep using the same password for years, changing passwords regularly can help prevent unauthorized access. Employers should also enforce strong password policies, such as requiring a minimum password length and complexity and disabling password reuse.
  • Employers should provide regular cybersecurity training for employees, including best practices for password protection.
  • Employees should be aware of the latest cybersecurity threats and how to spot phishing emails or other attempts to steal login information.

The Australian government's site, https://cyber.gov.au, includes incredible resources to help formulate a policy for your team specific to your organisation. Every organisation should have a comprehensive ICT or cyber-protection policy, which needs to be known and signed by all employees in line with your organisation's ICT provider's recommendations. If your provider doesn't support you in formulating or upholding this policy, making a change is in your best interest. 

 

4. Best practice for sharing passwords if you really need to

It is not recommended to share passwords with others as it can compromise the security of your personal information. When you share your passwords, you are essentially giving someone access to your private accounts and sensitive information, which can lead to identity theft, fraud, and other security breaches. Instead of sharing passwords, it's always better to use secure communication channels and tools like Privnote, which allows you to send encrypted messages that self-destruct after being read, ensuring that the information is only accessible to the intended recipient and can't be intercepted or viewed by anyone else. This way, you can communicate sensitive information securely without sharing passwords or compromising your online security.


Do you need help stabilising or managing the security and infrastructure within your organisation?

In today's digital age, cyber threats and data breaches have become common occurrences. As a result, businesses and organisations of all sizes need to focus on stabilising their cybersecurity and ICT infrastructure to prevent these threats from causing major disruptions to their operations. However, with the constantly evolving nature of cyber threats and the complex IT systems organisations use, staying on top of these issues alone can be challenging. This is why seeking help from a qualified ICT, and cybersecurity professional can make all the difference. Experts like Tech Help Direct help businesses implement effective security measures, provide training to employees to prevent human error, and monitor systems for any potential threats or vulnerabilities. By taking proactive steps to stabilise their cybersecurity and IT infrastructure, organisations can protect their sensitive data, minimize the risk of downtime, and ensure the smooth functioning of their operations.

 

If you need help, please complete the form below, and one of our team will contact you soon.