Disclosure: Your support helps keep the site running! We earn a referral fee for some of the services we recommend on this page. Learn more

Each of your employees likely has dozens of passwords for work-related devices, software, and accounts. Weak passwords are the easiest way for hackers to steal your valuable business data, so if your employees aren’t using strong passwords, they’re giving hackers many opportunities to compromise your data.

Digital security has become a top priority for businesses. This article will teach you how to protect yours by creating a strong employee password policy.

Key Takeaways:

  • Password policies provide employees guidance on using strong passwords.
  • Passwords should be 12 characters or more long and use a combination of numbers, letters, and symbols.
  • SMBs should take the time to educate their employees on the importance of password security to protect the company as a whole

What Is a Password Policy?

A password policy is a set of rules your company creates to provide employees guidance on using strong passwords. It’s an essential piece of the overall digital security strategy for your small business.

Why Are Strong Passwords Important to Your Business?

Why Are Strong Passwords Important to Your Business?
Source: Computersnationwide.com

Strong passwords protect your business from hackers looking to infect your network with ransomware, turn your computer into a bot they can use however they want, or steal sensitive information like login credentials or credit card numbers. These types of cybersecurity attacks can cripple your business financially and permanently damage its reputation.

Weak or stolen passwords account for more than 80% of company data breaches, so it’s imperative to have a password policy to protect your business. Left without this guidance, most of your employees aren’t going to use good passwords.

Even with data breaches and cybersecurity dominating the news these days, the most popular password in 2020 was “123456.” Strong password usage is not something you want to leave to chance. Thankfully, it’s easy to create and implement a password policy for your small business.

Tips for Creating a Password Policy

  1. Set requirements for passwords. We recommend:
    • A minimum length of 12 characters
    • A mix of numbers, uppercase letters, lowercase letters, and symbols
    • New passwords can’t be the same as old passwords
    • Every account and device must have a unique password
  2. Make it clear what accounts and devices the password policy apply to. Many employees use their personal computers or mobile devices for work, and it may not occur to them that your company’s password policy extends to these too. Any device employees use to access company files and accounts must be protected with a secure password.
  3. Passwords should never be shared with anyone. Let employees know that no one in the company will ever email, call, or text them requesting their password.
  4. Encourage employees to use a password manager. Password managers are a secure way to store passwords. Instead of having to remember dozens of passwords, employees just have to remember one master password. Make specific recommendations for password managers your company approves.
  5. Don’t write passwords down. We’ve all seen the people with their passwords taped to their desks or laptops. Let your staff know this isn’t secure or acceptable.

How To Encourage Employees To Use Strong Passwords

How To Encourage Employees To Use Strong Passwords
Source: Exponential-e.com

The most effective way to get your employees to use strong passwords is to educate them about why it’s important. It’s difficult to get staff on board if you present your password policy as just another set of rules they have to follow. Make it personal. Help them understand how a strong password protects their personal information and keeps your business — and their jobs — safe.

At staff meetings, include company updates and messaging about digital security. Share the how and why of company data breaches in the news, have short lessons about cybersecurity risks, such as spear phishing, and regularly refresh your employees’ memories about your password policy and other digital security measures. The more your employees hear about digital security and see that management takes it seriously, the more likely they’ll be to enforce your password policy.

Other Ways To Increase Security

Other Ways To Increase Security
Source: Theconversation.com

Use a virtual private network

A virtual private network (VPN) is a way to establish a secure network connection. It’s a necessity if your employees ever work remotely and need to use public Wi-Fi. Most free public Wi-Fi isn’t secure, and hackers can easily steal information sent over these connections. A VPN ensures your employees can safely use public Wi-Fi when necessary.

Use two-factor authentication if available

Two-factor authentication requires users to log in with the correct credentials and then authenticate their identity using a second factor like a security code sent to their phone.

This adds a strong layer of security that’s extremely difficult for hackers to get around. Many types of software and accounts now have an option to enable two-factor authentication.

Limit user access

Protect your company data by limiting user access to sensitive files and accounts. Depending on the type of digital file storage you use, you can password-protect confidential files and folders or hide them completely from users who haven’t been assigned the role needed to view them.

Install a firewall

A firewall is essentially a filter for your company network. It blocks malicious code and only allows clean traffic through. This protects your business from malware and viruses that can steal data or damage your systems.

Never share files or sensitive information via email

Hackers can spoof a known email address within your company and email employees requesting sensitive information or asking them to download a file. This is called spear phishing, and it’s one of the most common ways companies get hacked. Make it a blanket policy to never send files via email, so employees know immediately that any file they get from a colleague’s email address is suspicious.

Keep devices updated

When companies release patches or updates for their software or devices, it’s often because they’ve discovered a security flaw that needs to be fixed. By keeping devices updated, employees can prevent hackers from exploiting any known vulnerabilities.

Our world is becoming increasingly digital, and while that provides us with many new opportunities and conveniences, it also means we’re more at risk for cybercrime. This is especially true for small businesses.

Hackers prefer to target small companies because they often lack proper digital security measures. You can ensure your business isn’t an easy target by following the tips in this article to create and implement a strong password policy.

What To Do Next

Make digital security awareness part of your company culture. Culture starts at the top and is reinforced through regular communication. Ensure your company’s leadership is well educated about cybersecurity basics and consistently follows your password policy and other digital security protocols.

Investing in a well-equipped password manager that caters to your business needs is a big help.  Every provider touts a variety of features and services, to make it easier to choose the right one, we evaluated password managers based on what’s most important.