On-Boarding: The Best Time To Instill Password Best Practices

Users continue to utilize "guessable" passwords and reuse those passwords across multiple accounts.

A survey points to one area of weakness:

When looking at the security aspect of onboarding employees, 34% said they did not receive instructions to secure their work accounts with more than just a username and password when they first started at the company they work for. https://www.helpnetsecurity.com/2024/10/01/weak-password-practices/ (Oct. 01, 2024).

Commentary

Weak passwords and/or reuse of passwords (weak or strong) are a data security weak point. 

According to the above source, more than a third of employees do not receive any instructions to secure their work accounts. Developing an onboarding routine is an excellent way to fill the gap.

Many new hires possess no data security practices or weak data security practices, which elevates the risk. Organizations must make a point to place everyone on the same page, including new hires, and instill strong data security practices before employees get started.

Onboarding can include review of your organization's data security standards as well as training on data security.

An important training piece is on credentialing. Your organization should make certain your data security training stresses the need for strong passwords and the need to change passwords routinely, especially after a breach. Make sure employees do not reuse or share passwords.

Organizations should also take this time to introduce new hires to the importance of using multi-factor authentication.

Other password security steps include:

  • Use passwords on every account and device. Never reveal your password by sending it in an email or a text.
  • Before entering a password, make certain the website is encrypted. Encrypted websites have "https" and the lock symbol in the web address.
  • Make your password unpredictable with at least 8 to 12 characters. Use a mix of upper- and lower-case letters, numbers, and special characters.
  • Avoid using family and pet names, birthdates, numbers in sequence or any other word or phrase that can be discovered through any online search of you or your family.
  • Mix words from different languages in your password.
  • Use unique passphrases instead of passwords. Passphrases are composed of multiple words, symbols and numbers.
  • If one of your passwords is compromised, change all your passwords.
  • Do not share passwords with anyone, including coworkers and family members. If you write them down, put them in a secure location or store them with encryption.
  • Do not enable the "remember password" feature in applications.
  • Change passwords at least every six months or immediately if someone else learns your password.
  • If there is a breach of a commercial site you use, like a bank or an online vendor, change all of your passwords immediately.
  • Remember to log out of your accounts when using a public computer.
  • Don't use the same password for multiple accounts.
  • Do not type your password if someone is watching you input it.
  • If you believe your device is infected with malware or your Wi-Fi is compromised, disconnect from the Internet, have your device screened for malware, and remove any malware immediately.