Simple Self Assessment explained. Heading toward Meaningful Use.
They seem simple and straightforward enough…right?
There are a few problems most offices run into:
- Weak passwords
- Shared or office common passwords
- Never changing passwords
As usual, we’ll attack the easiest first:
Never changing passwords
First, make sure your written company policy requires passwords to be changed on a regular schedule, then enforce that schedule in your server software rather than relying on people to remember (on a Windows domain this is the Maximum password age setting in the default domain password policy). As a minimum, passwords should expire quarterly. Be wary of going much shorter than that: users faced with a monthly change tend to bump a number on the end of the old password, and the predictable result is easier to guess, not harder. Pair the maximum age with a minimum age and a password history so that a user cannot change a password and immediately change it back.
Weak passwords
Weak passwords are actually easy to take care of, yet sometimes difficult to explain. A strong password is generally considered to be at least 12 characters long and to mix upper-case and lower-case letters, numbers and special characters (like @$#%^&*). Of those requirements, length does most of the work: every extra character multiplies the number of guesses an attacker needs, while a mandatory symbol that everyone puts in the same spot adds very little.
A strong password might look like this: &^f0RgEt4bOUtIT*$#
Notice, though, that it is really the phrase "forget about it" with a few letters swapped for look-alike digits and some symbols padded on either end. Password-cracking tools apply exactly those substitutions automatically, so a dressed-up dictionary phrase is weaker than its length and symbol count suggest. Several unrelated words strung together are both stronger and easier to type.
The reason this is easy to take care of is that the server software has a setting to require strong passwords. Make sure you turn it on, and check both halves of the rule: on Windows, "Password must meet complexity requirements" only enforces the character mixture (at least three of the character types, and not containing the user's account name), while the minimum length is a separate setting that defaults to 7 characters and must be raised to 12 yourself.
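If your office runs on a Windows domain, here is how the settings discussed above (minimum length, complexity, and expiry) are checked and set from PowerShell. This is an added example and not part of the original post; it assumes Windows Server Active Directory with the ActiveDirectory module (RSAT) installed, and the 90-day, 1-day and 24-password values are illustrative choices that implement the quarterly rule, not figures from the text.

```powershell
# Added example (not from the original post). Assumes a Windows Server
# Active Directory domain and the ActiveDirectory module from RSAT; run
# from an elevated PowerShell prompt as a member of Domain Admins.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot

# 1. Audit first: see what the domain is enforcing today. A fresh domain
#    ships with a 7-character minimum and a 42-day maximum age.
Get-ADDefaultDomainPasswordPolicy -Identity $domain |
    Select-Object MinPasswordLength, ComplexityEnabled, MaxPasswordAge,
                  MinPasswordAge, PasswordHistoryCount

# 2. Enforce the policy from the text: 12 characters, complexity on,
#    quarterly expiry. MinPasswordAge and PasswordHistoryCount are what
#    make the expiry meaningful; without them a user can change the
#    password and change it straight back to the old one.
Set-ADDefaultDomainPasswordPolicy -Identity $domain `
    -MinPasswordLength 12 `
    -ComplexityEnabled $true `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -PasswordHistoryCount 24

# 3. The maximum age is ignored for any account flagged "password never
#    expires". List them; each one needs to be fixed or justified.
Search-ADAccount -PasswordNeverExpires -UsersOnly |
    Select-Object SamAccountName, DistinguishedName

# 4. Enabled users whose password is already older than the new limit.
#    They will be prompted to change it at next logon; this tells you who.
$cutoff = (Get-Date).AddDays(-90)
Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordLastSet |
    Where-Object { $_.PasswordLastSet -and $_.PasswordLastSet -lt $cutoff } |
    Select-Object SamAccountName, PasswordLastSet
```

Run step 1 on its own first and keep the output; it is the "before" picture an auditor will ask about. Step 3 is the one most offices skip, and a single service or practice-management account set to never expire quietly exempts itself from everything step 2 enforces.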
Shared or office common passwords
Shared passwords must also be banned in your written password policy. You don't want anyone in the office knowing anyone else's password, and that includes the office manager and whoever does your IT.
It is a liability issue. Every entry in your audit log is tied to a user name; if one person can log into another person's account, the user name no longer identifies a person and the log proves nothing. If a user is accused of a violation, they can simply claim that somebody else got into their account, and you have no grounds to stand on.
Finally, make sure writing down passwords is not allowed, and say so in your password policy.
Going through all of this effort to secure your network, only to have a post-it stuck to a computer monitor with the password on it, has done you no good. Be realistic about why the post-it shows up, though: a twelve-character password that changes every quarter is hard to memorize, so give staff an approved way to store passwords, such as a password manager, or the ban will quietly be ignored.