Small Business Cyber Resilience Improvement Guide. Part V – Using passwords to protect your data.

Part 5 – Using passwords to protect your data

Passwords are an important step in keeping your and your customers' information safe; used correctly, they prevent unauthorised access.

Here are five tips to remember when setting and using passwords:

  • Remember to switch on password protection
  • Use Two Factor Authentication for ‘sensitive’ accounts
  • Don’t use passwords that can be guessed easily – apply Three Random Words
  • Help staff cope with too many passwords to remember
  • Change all default passwords

Remember to switch on password protection

Set one of the authentication methods available on your device (password, PIN, fingerprint or face unlock) and make the device lock itself after a short period of inactivity. A screen lock alone does not protect data on a disk that is removed from a lost or stolen laptop, so you should also use a disk encryption product such as BitLocker on Windows or FileVault on macOS. Most devices have encryption built in, but you may need to turn it on and configure it.

Use Two Factor Authentication for ‘sensitive’ accounts

Two Factor Authentication (2FA) is increasingly common because it adds a second layer of security on top of the password, most often a six-digit code delivered by text message or generated by an authenticator app on your phone. If you are offered this option, you should use it, especially for accounts that hold sensitive data or carry admin privileges. Where there is a choice, an authenticator app or a hardware security key is preferable to text messages, because SMS codes can be intercepted by an attacker who takes over your phone number (SIM swapping).
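To show what is behind the six-digit code an authenticator app produces, here is an added example (not part of the original guide) implementing the time-based one-time password scheme of RFC 6238, which is what most authenticator apps use. It shows why a code expires every 30 seconds, why the verifier has to tolerate a little clock drift, and why the comparison must be constant-time. The key bytes and the enrolment secret are generated or constructed in the example; nothing here is specific to any particular service.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time


def new_secret() -> str:
    """Generate a fresh 160-bit shared secret, base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


def key_from_base32(secret: str) -> bytes:
    """Decode the base32 secret shown to the user (spaces and lower case tolerated) into raw key bytes."""
    cleaned = secret.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # base32 input must be padded to a multiple of 8 chars
    return base64.b32decode(cleaned)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter, dynamically truncated to `digits` digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of the last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)             # keep leading zeros: "005924" is a valid code


def totp(key: bytes, for_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step (30 s by default)."""
    return hotp(key, int(for_time // step), digits)


def verify_totp(key: bytes, code: str, now: float, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Accept a code for the current step or `window` steps either side (clock drift), comparing in constant time."""
    if not (code.isdigit() and len(code) == digits):          # reject malformed input before comparing
        return False
    counter = int(now // step)
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(key, c, digits), code):   # constant-time: no timing leak on near-misses
            return True
    return False


if __name__ == "__main__":
    secret = new_secret()                                     # what you would encode in the enrolment QR code
    key = key_from_base32(secret)
    code = totp(key, time.time())
    print("enrolment secret:", secret)
    print("current code:", code, "valid now:", verify_totp(key, code, time.time()))
    print("same code 2 minutes later, valid:", verify_totp(key, code, time.time() + 120))
```

The RFC 6238 test vectors (key `12345678901234567890`, time 59 giving `287082`) are a convenient way to check an implementation like this. A real verifier also needs rate limiting and must refuse to accept the same code twice within its window, otherwise an intercepted code can be replayed; neither is shown above.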

Don't use passwords which can be guessed easily – apply Three Random Words

Passwords should be easy to remember but hard for other people to guess. An ideal password is one that your friend can't guess in twenty attempts. Staff should never use the most common passwords, which criminals try first, such as 'XYZ123' or 'admin1'.

A good idea is to use the Three Random Words rule to generate your password. For example – BottleSunRhubarb. Provided the words really are picked at random from a large list, such passwords are hard to break and much easier to remember than complicated strings of characters with no meaning. Don't use well-known three-word phrases, such as ThreeBlindMice, as these are obvious and easy to break.
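The following is an added example, not code from the guide, showing how to apply the advice above in practice: it generates a Three Random Words password using a cryptographically secure random source, rejects the easily guessed passwords and well-known phrases mentioned here, and calculates how strong a given word list makes the result. The word list and blocklists are short constructed samples; a real deployment would load a large word list (for example a 7,776-word Diceware list) and a breached-password list from files.

```python
import math
import secrets

# Constructed sample word list. Strength depends on its size, so a real
# deployment should use a list of several thousand words.
WORDLIST = [
    "apple", "bottle", "candle", "dragon", "engine", "forest", "garden",
    "hammer", "island", "jacket", "kettle", "ladder", "marble", "needle",
    "orange", "pepper", "quartz", "rhubarb", "saddle", "sun", "tunnel",
    "violin", "walnut", "yellow",
]

# Constructed blocklists: passwords criminals try first and well-known
# three-word phrases. Real lists are far larger (breached-password sets).
COMMON_PASSWORDS = {"password", "123456", "xyz123", "admin1", "admin", "qwerty", "letmein"}
KNOWN_PHRASES = {"threeblindmice", "onetwothree", "redwhiteblue", "rockpaperscissors"}


def normalise(password: str) -> str:
    """Lower-case and drop punctuation so 'Three-Blind-Mice!' still matches the phrase list."""
    return "".join(ch.lower() for ch in password if ch.isalnum())


def is_easily_guessed(password: str) -> bool:
    """True if the password is on the common-password or well-known-phrase list."""
    n = normalise(password)
    return n in COMMON_PASSWORDS or n in KNOWN_PHRASES


def entropy_bits(wordlist_size: int, n_words: int = 3) -> float:
    """Bits of guessing entropy for n_words picked uniformly (with replacement) from the list."""
    return n_words * math.log2(wordlist_size)


def three_random_words(wordlist=WORDLIST, n_words: int = 3) -> str:
    """Pick words with the secrets module; random.choice is predictable and must not be used here."""
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    return "".join(w.capitalize() for w in words)


def make_password(wordlist=WORDLIST, n_words: int = 3, max_tries: int = 100) -> str:
    """Generate a Three Random Words password, retrying if it happens to be a blocklisted phrase."""
    for _ in range(max_tries):
        candidate = three_random_words(wordlist, n_words)
        if not is_easily_guessed(candidate):
            return candidate
    raise RuntimeError("word list too small or blocklist too broad to find an acceptable password")


if __name__ == "__main__":
    for pw in ("XYZ123", "admin1", "ThreeBlindMice", "BottleSunRhubarb"):
        print(f"{pw:>18}: {'easily guessed' if is_easily_guessed(pw) else 'ok'}")
    print("generated:", make_password())
    print(f"sample list ({len(WORDLIST)} words): {entropy_bits(len(WORDLIST)):.1f} bits")
    print(f"Diceware list (7776 words):   {entropy_bits(7776):.1f} bits")
```

The entropy figures are the point to note: three words from the 24-word sample list give under 14 bits, which an attacker can exhaust quickly, whereas three words from a 7,776-word list give about 39 bits, which is adequate for online accounts that lock out or slow down repeated attempts. For something that can be attacked offline at full speed, such as a disk-encryption or password-manager master password, use more words.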

Another important rule is not to allow staff to share their credentials or log in to each other's accounts, and to make sure that the level of access granted is always the lowest needed to perform the necessary tasks.

Help staff cope with too many passwords to remember

Passwords only need changing when there is suspicion that login credentials have been compromised. Staff should also be able to store passwords safely away from the devices they relate to. A good idea is to use a password manager, which will create and remember passwords for you while you only need to remember one 'master password' to access the manager.

Change all default passwords

Leaving default settings, including passwords, on equipment is one of the most common mistakes. Always make sure that manufacturers' default passwords have been changed, and carry out periodic checks on devices and software to detect any default passwords that remain.

What's next?

In the next article, we will discuss how to avoid phishing attacks.

Do you require help with keeping your devices safe from attacks?

If you have any questions or require help in connection with keeping your devices safe from attacks, you are welcome to contact us for advice.

Our services cover such areas as Critical Infrastructure Protection, Cloud Services Security or Audits, and Threat Intelligence. For a full list of our services visit our services page –


Stay safe rather than sorry!

About this guide

The idea for this guide is based on the Cyber Security Guide for Small Business published by NCSC in November 2018. You can access the guide here.

