With a growing number of organizations offering a remote or hybrid working option, many people are taking their workspaces home. Your team needs to know password hygiene best practices to ensure their home work environment is secure and protected.
Sloppy employees who are not knowledgeable about password hygiene can pose a risk to themselves and their company. In fact, 82% of breaches involved a human element, according to Verizon’s 2022 DBIR. People play a large part in data breaches and other security incidents, whether by falling victim to stolen credentials, phishing, misuse or simply human error.
In this article, learn more about password hygiene and some best practices for remote employees.
What Is Password Hygiene?
Password hygiene is about maintaining practices that ensure strong passwords to prevent cyberattacks, virus infection, social engineering, account takeovers and more. Employees must stay disciplined in practicing good habits to reduce the risk of falling victim to cyberattacks.
In addition to merely guessing users’ passwords, attackers are using more sophisticated methods to steal sensitive data, such as brute force, social engineering, malware and more. Password hygiene is the first layer of security to stop attackers from getting hold of your passwords.
Following password best practices is easy with Keeper. From password management to dark web monitoring, Keeper offers a complete suite of cybersecurity products to strengthen your team’s security posture.
Password Best Practices
Follow these recommendations for strong password hygiene.
1. Develop a Zero-Trust Approach
A zero-trust policy assumes that every user or device could be compromised. Every person and machine must be verified before gaining access to a network. Organizations can prevent cybercriminals from gaining access to their network by implementing a zero-trust security model.
A zero-trust architecture also prevents lateral movement through network segmentation. Even if a cybercriminal were to gain access through one unauthorized access point, the continuous verification required by the zero-trust model would prevent the attacker from moving laterally through the network. Segmentation aids in reducing the amount of damage from an attack.
2. Enforce Good Cyber Hygiene Practices
Put policies in place to standardize security rules and practices in the workplace. Equip each employee with up-to-date software and tools such as a password manager. Outdated software and equipment are more vulnerable to attacks.
Password managers offer several benefits that help with your team’s password hygiene, including features such as:
- Password generation — A feature that automatically creates strong passwords.
- Multi-Factor Authentication (MFA) — An authentication method that requires users to present at least two forms of identification before they gain access to their account.
- Autofill — A feature that automatically enters a user’s credentials on websites and apps.
Employees should also follow good password practices to strengthen their password security. Some tips to follow:
- Don’t reuse passwords. Reusing passwords makes it easier for attackers to access multiple accounts with only one set of credentials.
- Don’t use personal information to create passwords. Create passwords without any connection to you, your team or your organization. Cyberattackers often guess passwords using personal information such as names, birthdays and other important dates. The most secure passwords contain random strings of upper and lowercase letters, numerals and symbols.
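The two tips above can be checked mechanically. The following Python sketch is an added example, not Keeper's code: it generates a random password covering all four character classes and audits a set of account passwords for reuse and personal information. The function names, the symbol set, the 12-character minimum and the sample data are assumptions made for illustration.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set for this example
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]


def generate_password(length=20):
    """Random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling keeps the choice uniform over all valid passwords.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def audit(accounts, personal_terms, min_length=12):
    """Return {account: [findings]} for reuse, personal info and short passwords."""
    by_password = {}
    for name, pw in accounts.items():
        by_password.setdefault(pw, []).append(name)
    findings = {}
    for name, pw in accounts.items():
        issues = []
        others = [n for n in by_password[pw] if n != name]
        if others:
            issues.append("reused with " + ", ".join(sorted(others)))
        hits = sorted(t for t in personal_terms if t.lower() in pw.lower())
        if hits:
            issues.append("contains personal info: " + ", ".join(hits))
        if len(pw) < min_length:
            issues.append("shorter than %d characters" % min_length)
        if issues:
            findings[name] = issues
    return findings


# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {"email": "Jordan1990!", "vpn": "Jordan1990!",
                   "payroll": generate_password()}
SAMPLE_TERMS = ["jordan", "1990", "acme"]

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_ACCOUNTS, SAMPLE_TERMS).items():
        print(account, "->", "; ".join(issues))
```

The generator uses the `secrets` module rather than `random` because password material needs a cryptographically secure source of randomness.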
3. Use a Remote Desktop Manager
Bringing work home can get messy if you do not properly set boundaries between your personal life and work life. Using a remote desktop manager allows your team to access their work desktops from anywhere. An agentless option such as Keeper Connection Manager provides you with session recording, multi-user session sharing, privileged session management and more.
4. Require Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) can prevent 99.9% of password-related cyberattacks on your accounts, according to Microsoft. Require your employees to enable MFA on all accounts that support it.
After users log in to an account, MFA requires them to provide an additional authentication factor, such as:
- Inputting a code retrieved from an authentication app.
- Scanning their face or fingerprint.
- Answering a security question.
Even if threat actors have a working set of login credentials, they can’t use them without this additional authentication factor.
5. Watch Out for Phishing Scams
Your employees are the first line of defense for protecting you and your company. Take the time to train your team to prevent them from being fooled by cybercriminals.
Social engineering attacks continue to grow. According to the Phishing Activity Trends report by the Anti-Phishing Working Group, there were 1,025,968 phishing attacks by March 2022—a 15% increase from the fourth quarter of 2021.
Before clicking links inside an email, look for signs to make sure it’s not a phishing email. Some common giveaways include:
- Frequent typos. Most credible brands and companies would proofread an email before sending it out to the recipient. Grammar errors and misspelled words are commonly found in scam emails.
- Suspicious email addresses. Send it to the trash can if the email address doesn’t match up with the company domain name.
- Unusual request. Don’t be fooled. It is unlikely that a Nigerian prince will ever give you their entire fortune in return for crypto or an iTunes gift card.
- A sense of urgency. The sender expects their victims to make rash decisions and act quickly. Don’t fall prey to threats based on fear.
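Two of these giveaways, a sender address that does not match the claimed company and urgent wording, can be screened automatically before a message reaches an inbox. The Python sketch below is an added example, not part of the original article: the brand allowlist, the phrase list, the 0.8 similarity threshold and both sample messages are assumptions. Typos and unusual requests still need a human reader.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist: brand as shown in the display name -> real sending domains.
BRAND_DOMAINS = {"example bank": {"bank.example"}}
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours", "will be suspended")


def _belongs(domain, allowed):
    """True if domain is an allowed domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def phishing_signals(raw_message, brand_domains=BRAND_DOMAINS):
    """Return the list of giveaways found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    signals = []
    for brand, allowed in brand_domains.items():
        if _belongs(domain, allowed):
            continue
        if brand in display.lower():
            signals.append("sender-domain-mismatch")
        # A near-miss of a real domain (one swapped character) is a lookalike.
        if any(SequenceMatcher(None, domain, d).ratio() >= 0.8 for d in allowed):
            signals.append("lookalike-domain")
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    if any(phrase in text for phrase in URGENCY_PHRASES):
        signals.append("urgency")
    return signals


# Constructed sample messages (.example is a reserved TLD).
SAMPLE_PHISH = (
    'From: "Example Bank Support" <security@bamk.example>\n'
    "Subject: Urgent: verify your account\n\n"
    "Your account will be suspended within 24 hours unless you confirm your password.\n"
)
SAMPLE_LEGIT = (
    "From: Example Bank <statements@mail.bank.example>\n"
    "Subject: Your monthly statement\n\n"
    "Your statement is ready in online banking.\n"
)

if __name__ == "__main__":
    print(phishing_signals(SAMPLE_PHISH))
    print(phishing_signals(SAMPLE_LEGIT))
```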
Keeper’s password manager offers tools and features to ensure that your team maintains good password hygiene. Try out our 14-day free trial to see how we can keep your cybersecurity posture strong.
Frequently Asked Questions
How do I share my employees’ passwords?
Employees can share passwords securely using the Keeper password manager. Read more to learn how to share your digital vault’s records, passwords and other confidential information.
Is it okay to share passwords remotely?
Yes, Keeper makes it easy to share passwords securely regardless of location. Companies using Keeper Business can easily share records between teams and colleagues. We also offer a One-Time Share feature so that team members can share confidential information with freelancers who may not have a Keeper account.
How can I easily improve and maintain good password hygiene?
With Keeper, you can stay on top of your password hygiene by reviewing your overall security score in the admin console. The admin console audits your password security to identify duplicate passwords, weak passwords and other areas that require improvement.
Also, BreachWatch is a feature that will notify you of any credentials compromised on the dark web, prompting you to update your information immediately.