It’s Time for Spring Cleaning: Passwords, Patches, and Backups
Spring cleaning in your home may be an annual ritual, but consider spring cleaning for your company’s systems and computers too. Read these tips — the security of your data is at stake.
Best practices for strong passwords
Now is a good time to revisit your security procedures and review your password policies. It is recommended that users choose secure passwords that are at least eight characters long. Passwords should be easy to remember, but hard for others to guess. Refrain from using common phrases, personal information that is public, and repetitive passwords. Do not share passwords or give your password to anyone, even if you trust them. Below are some recommendations for acceptable-use policies for passwords in your company.
- Remove the option of using commonly used passwords.
  - You can limit the type of passwords users can have by “blacklisting” the following:
    - Passwords that appear on frequently used lists, including breach lists.
    - Repetitive and sequential characters, such as “1234” or “1111.”
    - Context-based words, such as characters in their username or in the name of the service being logged into.
- Use Multi-Factor Authentication (MFA)
  - MFA requires the user to know their password, as well as to approve that they are attempting to log in. Some forms of MFA include things you “know,” “have,” and “are.”
    - Know – You must know your password.
    - Have – You must have access to your phone, or token, to approve a login.
    - Are – You must have your fingerprint (or other biometric) to approve the login.
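One way to enforce the “blacklisting” rules and the eight-character minimum above when a user sets a password. This is an added example, not code from the original article; the function names, the four-character run length, and the tiny sample list are assumptions, and a real deployment would load a full breach list.

```python
import re

MIN_LENGTH = 8  # minimum length recommended above

# Constructed stand-in for a real common-password / breach list.
SAMPLE_BREACH_LIST = {"password", "password1", "qwertyuiop", "letmein123"}


def has_run(password, run_len=4):
    """True if run_len adjacent characters repeat ("1111") or step by one ("1234", "dcba")."""
    pw = password.lower()
    for i in range(len(pw) - run_len + 1):
        window = pw[i:i + run_len]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if len(steps) == 1 and steps <= {0, 1, -1}:
            return True
    return False


def context_words(username, service, min_len=4):
    """Lower-cased alphanumeric tokens from the username and service name."""
    words = set()
    for value in (username, service):
        for token in re.split(r"[^a-z0-9]+", value.lower()):
            if len(token) >= min_len:  # skip short tokens that would match by accident
                words.add(token)
    return words


def check_password(password, username, service, breach_list=SAMPLE_BREACH_LIST):
    """Return the list of rules the password breaks; empty means accepted."""
    pw = password.lower()
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if pw in breach_list:
        problems.append("on_breach_list")
    if has_run(password):
        problems.append("repetitive_or_sequential")
    if any(word in pw for word in context_words(username, service)):
        problems.append("context_word")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("password1", "Blue1234sky", "acme-Giraffe-77", "violet-Harbor-mango"):
        print(candidate, check_password(candidate, "jdoe", "Acme Portal"))
```

Returning the broken rules, rather than a plain yes or no, lets the sign-up form tell the user why a password was rejected.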
Patches and updates are critical
When your system does not have the most current patches and updates installed, it is more vulnerable to cyberattacks. Now is as good a time as any to ensure all your systems and software are up to date.
- Check for Windows Updates on your workstations and servers.
  - Windows does not always automatically clean up old update files. Run Disk Cleanup to remove old system files to help regain extra disk space.
- Ensure your Adobe Acrobat Reader license is up to date.
  - Adobe Acrobat Standard, Pro, and Reader can all be set to automatically download and install updates through the settings.
- Check all software applications you run on your system for updates.
- Update drivers on your system.
  - You can do this by opening Device Manager, right-clicking each device, and checking for updates, or you can check with your manufacturer for a solution provided by them.
Backups, backups, backups!
Make sure you are backing up all important data. Many backup applications will back up only default locations unless otherwise specified. Also make sure you are not backing up files you don’t need.
Backups are a great, simple way to recover from a disaster, be it a natural disaster or a nasty bit of ransomware. If you get hit by ransomware and you have a good backup of all your data, you don’t need to pay the ransom; you can simply restore from a backup taken before you were infected. Having this option will save time and money.
The best backup solutions use a 3-2-1 rule.
- You should have at least three copies of your data: one live copy and two backup copies.
  - If something happens to your live data, you want to be able to access your backups quickly. That is why it is important to have current and complete backups.
- Your data should be stored on two different media.
  - If both copies are stored on the same system and that system has a critical failure, you no longer have access to a copy of your data. You can use a cloud-based storage solution in addition to USB-connected external hard drives.
- At least one copy of your data should be kept offsite.
  - What would happen if your building and all of its contents were destroyed? Could you get another server and get back to business if your only backup is in a pile of rubble? That is why it is important to have access to your data from the off-site location, be it cloud-based or a remote location set up to receive the backups from your primary location.
Implementing these “spring cleaning” practices for your systems and computers will help you to be more confident about the security of your company’s data, and keep systems running efficiently.