Full Sail Partners Blog | Evan Creech-Pritchett


5 Tips to Keep Passwords Secure at Professional Services Firms

Posted by Evan Creech-Pritchett on March 16, 2022


In an age where technology is intertwined with every aspect of life, it is more important than ever to keep data protected. Passwords are practically the keys to everyone’s livelihood, both professionally and personally, so if they fall into the wrong hands there’s no telling how much trouble this could cause for everyone connected to them. By neglecting to follow proper password protection protocols, companies have unintentionally been responsible for their own data breaches and even those of their business partners. That’s why employees and leadership at professional services firms should use these five tips to help strengthen their passwords and keep their data protected.

Tip #1 – Use a Unique Password 

Let’s say someone at the firm has been hacked and an unapproved person has gained access to a password. That’s already a concern, but the effect is multiplied tenfold if that same password has been used on other accounts at the firm. Once the password has been discovered, there will certainly be an attempt to use it wherever possible to get into even more of the unprotected accounts. To prevent this from happening, a completely different password should always be used on every separate firm account. 


Tip #2 – Resist Easy to Guess Passwords 

This one should be obvious, but one would be surprised by how many people use passwords like “12345” and “password” just because they are easy to remember. Personal information such as birthdays, pets’ names, and street addresses should also be avoided. To be safe one should use a password that is more random. A good password should have more than eight characters and contain numbers, special characters, uppercase letters and lowercase letters.  
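The rules in Tips #1 and #2, written out as an added example (not part of the original post): a Python check that applies the length and character rules above, rejects the two passwords the post names, looks for personal information, and finds passwords shared between accounts. The function names, the sample accounts and the personal details are constructed for illustration.

```python
import string

# The two examples the post names; a real deny-list would be much longer.
COMMON_PASSWORDS = {"12345", "password"}

def _alnum(text):
    """Lowercase and keep only letters and digits, so '42 Oak St' matches '42oakst'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def check_password(password, personal_info=()):
    """Return the list of rules a password breaks (empty list means it passes)."""
    problems = []
    if len(password) <= 8:
        problems.append("needs more than eight characters")
    classes = {
        "a number": string.digits,
        "a special character": string.punctuation,
        "an uppercase letter": string.ascii_uppercase,
        "a lowercase letter": string.ascii_lowercase,
    }
    for label, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("needs " + label)
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is a commonly used password")
    # Whole-token match only: a birthday written in another format is not caught.
    tokens = [_alnum(item) for item in personal_info]
    if any(len(t) >= 3 and t in _alnum(password) for t in tokens):
        problems.append("contains personal information")
    return problems

def find_reuse(accounts):
    """Return groups of account names that share one password (Tip #1)."""
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    return sorted(sorted(g) for g in by_password.values() if len(g) > 1)

# Constructed sample data. In practice this runs where the passwords already
# live (a password manager audit or a password-change form), not from a file.
SAMPLE_ACCOUNTS = {
    "email": "Rex2015!walks",
    "timesheets": "Rex2015!walks",
    "crm": "password",
    "vpn": "t7#Kq!vR2m@Lx",
}
SAMPLE_PERSONAL = ["Rex", "1985-04-12", "42 Oak Street"]
```
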

Tip #3 – Be Very Cautious When Asked to Share Passwords 

Avoid scammers at all costs. Scams come in many forms - some may be emails, some may be phone calls, and some may even impersonate a friend, co-worker, client or relative online just to get access to a password. Some of these scams may try to create a sense of urgency, so always stop and remember to think it through carefully. Consider why that person would need this information, and if the person reaching out is unfamiliar, then do not continue with the contact. Here’s the golden rule to follow for not getting scammed: never give away a password.  

Tip #4 – Keep Software and Browsers Up to Date 

Keep the firm’s web browsers, applications, and operating systems up to date. If there’s an exploit to be found, it’s on an older version. It is not necessary to update to the newest version as soon as it is out, but it is generally a good idea to move to the newer versions as soon as possible. Some applications will come with a pre-set password. These should always be changed, even if they are randomly generated. If there is worry about exploits in newer versions of programs, then do research before the decision is made to update. Software companies will generally release patch notes for users to check before they update. 

Tip #5 – Use Two Factor Authentication or a Password Manager 

Two factor authentication uses a third-party app that must approve each sign-in. When someone logs into an account, a notification is sent to the authenticator app, where the sign-in can be approved or denied. Password managers are a bit more complex but will ensure safety just the same. Once logged in, the password manager will generate random passwords for the user. With these, only one password will need to be remembered to get into the manager, and it will take care of the rest. For extra safety, feel free to use both in tandem. 

Bonus Tip - Stolen Password.... Now What?

So, how can someone at a professional services firm tell if a password has been stolen? More importantly, what can be done about it? 

Well, the best way to identify if a password has been compromised is to watch for suspicious activity. The critical indicators can be anything from strange posts or questionable emails on firm accounts to small, subtle changes in personal information that seem off to the user. Some applications will inform the user when there is unusual activity, which is especially helpful in these situations.  

Once there is evidence that an account has been breached, the first thing to do is immediately change the password. If this account is tied to others, those accounts should also have their passwords changed and be reviewed for any signs of hacking. One should also inform other firm staff and business partners of the breach to proactively prevent any other data breach complications. 

Stay Diligent and Safe

Professional services firms are not alone in the need to protect their security, but because they are hired for their expert knowledge, data breaches can have long-term negative effects on both the firm and its clients. These five tips should help strengthen firm security and protect its valuable data and clients. It’s a scary internet world out there, so it is important to keep both professional services firms and their staff safe so they can continue to work hard!  

 

