When a weak password is used to protect an enterprise email account, it can render all security measures useless. Despite this fact, many firms and their employees are adopting poor practices when it comes to these essential credentials.
A password is the second part of an email account's log-in credentials and enables access not only to the contents of an account, but to all the powers it offers a user. Company mailboxes usually hold a diverse range of often sensitive information. Confidential data on enterprise deals and partners may be discussed in email correspondence, and personally identifiable information on staff, customers, partners, and members of the public may be mentioned.
If a hacker accesses an account, they can not only view, use or steal this information, which constitutes a breach, but can also carry out a wide range of harmful actions. Once in control of the account, they can send out spoof messages impersonating the owner and even change the password to lock the owner out.
To avoid account infiltration, a strong password is essential. Read on for some useful guidance on beefing up your email passwords for the new year ahead.
Enterprise email password protocols
Before selecting a password, it is essential for a firm to set password protocols. Passwords should only be issued by admins, never staff, to ensure they have adequate strength. They should also be changed frequently, at least once a month. Staff must be trained never to share passwords or write them down where they can be compromised. Finally, account passwords must be updated immediately if an employee leaves the firm.
What is a strong password?
Regarding password strength, length is more important than complexity. The longer a password is, the more difficult it will be for hackers to crack. Passwords should never contain personal information such as birth dates, names of loved ones, pets, or sporting teams. This information can often be skimmed off social media by hackers and used to guess credentials.
The UK’s National Cyber Security Centre (NCSC) advises users to combine several words to make a single password. This makes the password difficult for cybercriminals to decipher and easier for employees to recall when required.
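The length-versus-complexity point above, shown as an added example that is not part of the original article: it compares the guessing work for a short complex password with a longer simple one, builds a multi-word password, and rejects candidates containing personal terms. The function names, the sample word list and the 7776-word list size are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list for illustration; a real generator would load a
# list of several thousand words so that each word adds more guessing work.
SAMPLE_WORDS = [
    "copper", "lantern", "harbor", "violet", "summit", "ribbon", "galaxy", "meadow",
    "anchor", "pebble", "thunder", "orchid", "canyon", "velvet", "walnut", "glacier",
]

def brute_force_bits(length, alphabet_size):
    """Bits of search space for a random string of `length` symbols."""
    return length * math.log2(alphabet_size)

def passphrase_bits(word_count, wordlist_size):
    """Bits of search space when each word is drawn uniformly from the list."""
    return word_count * math.log2(wordlist_size)

def make_passphrase(word_count, words=SAMPLE_WORDS, sep="-"):
    """Pick words with the OS CSPRNG (secrets), never the `random` module."""
    return sep.join(secrets.choice(words) for _ in range(word_count))

def contains_personal_info(password, personal_terms):
    """True if a name, pet, team or birth date term appears in the password."""
    lowered = password.lower()
    # Skip empty terms: "" is a substring of everything and would always match.
    return any(t.lower() in lowered for t in personal_terms if t)

if __name__ == "__main__":
    print(f"8 chars, 94 symbols : {brute_force_bits(8, 94):.1f} bits")
    print(f"16 lowercase letters: {brute_force_bits(16, 26):.1f} bits")
    print(f"4 words, 7776 list  : {passphrase_bits(4, 7776):.1f} bits")
    candidate = make_passphrase(4)
    print(candidate, contains_personal_info(candidate, ["rex", "1987"]))
```

The bit counts assume every character or word is chosen at random; words a person picks themselves are more predictable than these figures suggest.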
Employ multi-factor authentication
Multifactor authentication, or MFA for short, is an additional security layer worth considering. Along with the standard user credentials needed to access an account, MFA requests additional data. Simple forms of MFA involve a code being sent to the smartphone of the account user to verify their identity. However, modern methods involve fingerprint, facial and retinal scans. While a hacker may obtain an account password, they are unlikely to have access to the user’s personal device or biometric data.
Using email encryption
Using robust encryption is a wise move to add greater security to company email accounts. If an attacker manages to bypass your security measures or cracks a password, they will not be able to view the emails within if they have been encrypted.
For a demonstration of our powerful three-layer encryption, contact Galaxkey today.