Did you know that more than 60% of all confirmed data breaches involve the leveraging of weak, stolen, or default passwords?
One of your practice’s frontline defenses against phishing attacks and other cybercriminal schemes is effective password management. How well are you managing yours? Take this short (and fun) quiz to find out.
1. Strong passwords are too complicated to remember. It’s fine to use passwords that are short and easy.
True or False?
Easy passwords are easy to crack. Believe it or not, the most popular passwords in the United States are still “password” and “12345.” These weak passwords offer little security and are simply dangerous. Instruct your team to create strong passwords that contain a mix of letters, cases, and symbols. If you’re concerned about not remembering passwords, use a password-management program like LastPass, which saves passwords securely and provides access to them on any device.
Another option is to use a passphrase that combines letters and symbols. For example, “Fido” is an insecure password and easy to guess if it’s your pet’s name. But “My1$tPetWasFid0” follows strong password guidelines and is more secure.
2. Putting a sticky note on your computer or desk as a reminder of your password:
A. Is a really bad idea.
B. Is essential to getting any work done if you are over 40.
C. Is a nice way to help new employees get to know you.
I still see sticky notes regularly in the practices I visit. And there is always at least one staff member’s desk with multiple, colored, sticky notes containing his or her password in plain sight. This is not good cyber hygiene. Conduct a walk around the office and remove all sticky notes and other evidence of passwords in plain sight. Do it today; we’ll both sleep better tonight.
3. Sharing passwords is ok because:
A. Sharing is caring.
B. If you forget the password, your coworker can remind you.
C. It’s never ok to share passwords.
When it comes to data security, sharing is never ok. A practice in the East used only two passwords for the entire team: “doctor” and “nurse.” Although this is an extreme case, passwords are shared with some regularity in many practices. Beyond the cybersecurity concerns, sharing passwords creates professional liability issues because it renders electronic medical record (EMR) audit trails useless. It’s impossible to identify the person who reviewed or entered information if passwords are shared.
Compliance issues are also triggered by password sharing. There’s no sure way to determine whether patient privacy is maintained if it’s unclear which user is accessing the records.
The bottom line is passwords are like underwear…don’t share them and change them often. Anyone caught sharing passwords should be disciplined.
4. When should a practice disable the passwords of employees who leave?
A. By the end of the week after the employee is gone.
B. When my kid is home from college; he handles stuff like that in our computer system.
C. Immediately after you have terminated the employee, or the employee has left the premises on good terms.
D. We’re supposed to disable passwords?
Staff turnover is a given. So have a plan for terminating user IDs and passwords in all systems immediately after the employee leaves. Often, this step is delayed or forgotten, leaving passwords active for potential access. Put credential disabling at the top of your employee-departure checklist.
5. If you aren’t using a password manager, the best way to remember a complicated strong password is to use the same one for multiple accounts.
True or False?
Humans are creatures of habit. According to a survey by LastPass and Lab42, 59% of us “mostly” or “always” use the same password for everything.
And only 55% said they would change their password if their account was hacked. Startling, but true.
Make sure you and your team are not part of the 55%. Insist on strong passwords. Store them in a password manager. And don’t use the same password for every account.