Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of your entire network.
The purpose of a security policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of changing them.
You need an effective “complex” password policy to prevent passwords from being guessed or cracked. Let’s say that a company requires passwords, but has no other requirements regarding them….
If a hacker were to crack or guess the password for an account (which is very easy with weak passwords), even an “unimportant” account, they would quickly assume that the organization’s password policy is a joke (and they would be right). They would then likely begin cracking the passwords associated with other accounts. Even if no single account has the power to do any real damage, the collective use of multiple accounts could be devastating to the company.
Even in a small organization if someone were to log in with an account that doesn’t belong to them, it can cause all kinds of problems for the user whose account was compromised.
For example, if a hacker compromised your user account and used that account to launch an attack against other parts of the system, then your network’s built-in auditing mechanisms will falsely accuse you of launching the attack.
Suppose that a hacker logged in as a user who is normally responsible for order entry and started messing around with the order entry system. If orders are deleted, the user whose account was compromised could potentially be cheated out of commission related to deleted orders. Never mind the fact that you will have some upset customers if you “lose” their orders.
As you can see, having an effective password policy is of critical importance, even in small companies. These are just a few examples of the damage that can be caused if even a seemingly unimportant user account is compromised.
Let Hooks Systems of Wilmington, NC, establish and automatically enforce a strong password policy at your organization today.