Jeff Weeks
Sr. Vice President and Chief Information Security Officer
Dec 05 2023
Protect Your Workplace and Yourself with Password Security
Author: Jeff Weeks, Senior Vice President and Chief Information Security Officer
Password security is vital for protecting your personal and professional information, as well as your company’s data and reputation. Unfortunately, instead of creating strong, unique credentials, many people make the mistake of using weak passwords that scammers can easily guess. Weak or compromised passwords can lead to data breaches, identity theft, ransomware attacks, and other cyber threats that can cause serious damage and losses.
Why Is Password Security Such a Big Deal?
Passwords and social engineering are two of the most common and effective ways that attackers can breach data and cause harm to organizations and individuals. By improving password hygiene and phishing awareness, you can help reduce the risk of data breaches and enhance security at home and at work.
Passwords are the most common way of authenticating users and protecting sensitive data. However, passwords can also be the weakest link in the security chain if they are not managed properly. Poor password hygiene, such as using weak or reused passwords or sharing passwords, can expose you or your business to data breaches with serious consequences.
One of the ways attackers exploit poor password hygiene is through social engineering. Social engineering is the art of manipulating people into revealing confidential information or performing actions that compromise security. For example, an attacker can send a phishing email that looks like a legitimate request from a trusted source, such as a bank or a colleague, and trick the user into clicking on a malicious link or entering their credentials on a fake website.
Social engineering can also involve impersonating someone else, such as a friend, a customer, a vendor, or a coworker, and gaining access to a system or a network by using stolen or guessed credentials. This can allow the attacker to access sensitive data, install malware, or cause damage to you or your business.
Create Secure Passwords
To help prevent breaches, remember these rules:
- Set a minimum password length of eight characters and use passphrases wherever you can. Passphrases, which consist of a string of unrelated words, are more memorable than passwords.
- Never reuse passwords – personally or professionally.
- Use multi-factor authentication (MFA) on any account that offers it. Implementing MFA adds an extra layer of security by requiring users to provide something they have (such as a phone or a token) or something they are (such as a fingerprint or a face scan) in addition to something they know (such as a password).
- Don’t store your passwords on or near your computer. Of course, we use so many passwords that it can be difficult to remember them all. If your work provides or recommends a password vault application, you should use it. If you are looking for a password vault, there are many reputable brands available. Do your research and pick the best one for you. We’ve all heard that it’s a bad idea to write down passwords, but this is a personal choice. If you choose to write down your personal passwords, e.g., in a password book, take precautions regarding where you store the book. If at all possible, don’t store it next to your computer, and secure it in a locked drawer or safe. When I say don’t store your passwords on your computer, I mean do not store your passwords in Excel, Word, Notepad, or similar programs, even if the document is password-protected! Why? Because anyone who gets access to your credentials can access any shared drive you have access to, and password-protected documents are susceptible to being hacked by password cracking software.
- And above all, never share your passwords with anyone.
Avoid Social Engineering Attacks
In addition to password security, be aware of, recognize, and avoid social engineering attacks. Here are some tips:
- Verify the identity and legitimacy of a sender or caller before responding to requests for information or action.
- Check the URL and the domain name of any links or websites before clicking on them or entering any credentials.
- Look for signs of phishing, such as spelling errors, generic greetings, urgent or threatening language, or requests for personal or financial information.
- Report any suspicious or unusual emails, calls, or messages to your organization’s information security team or, if they are personal, to your email provider. Suspicious text messages can be reported to 7726.
- Update the software and antivirus system on your devices.
Always take the time needed to follow these guidelines or the guidelines provided at your place of business. Failure to take precautionary security measures can put your systems and your data at risk and could lead to a network or data breach. For more information, check out our Security Center at fnbo.com/security-center.
About the Author
Jeff has been with First National Bank of Omaha for more than 20 years and is currently the Senior Vice President and Chief Information Security Officer. Jeff’s executive leadership and oversight in the development, management, and execution of information security for FNBO enable the company to posture itself and protect the private, personal information and assets of its clients, employees, and business partners.