4 password policies to improve credit union cybersecurity

Google made headlines recently with a new tool called Password Checkup. When installed inside the Chrome browser, the app alerts users when it detects that passwords they are using may have been stolen. It works by cross-referencing user passwords against a database of compromised credentials that contains upwards of 4 billion entries.

That number is enough to make you wonder if there are passwords out there that haven’t been compromised.

The emergence of tools like this underscores the increasing need for – and frankly, the interest in – proactive cybersecurity defenses. More people are becoming aware of the potentially devastating repercussions of security breaches, and that includes credit union employees.

Is your credit union supplying staff – the cooperative’s frontline security defense – with the education, awareness and best practices to keep cybercriminals at bay?

Establishing simple-to-follow ground rules around passwords in the workplace is a good place to start. Building good passwords at work may also trickle over into employees’ personal lives, better securing them against identity theft, ransomware, phishing and other consumer-targeted cybercrime.

Here are four password practices to consider enacting at your credit union.  

1. Set enterprise-wide password policies.

Centralize strong password requirements for everyone in your organization. Parameters should include things like minimum length, complexity requirements, how frequently passwords must be updated and boundaries around using the same credentials for multiple sites or apps.

“Fine grained” password policies allow system administrators to specify multiple sets of rules for password policies, as well as different restrictions for different users – such as stricter policies for employees who access sensitive data.

2. Ensure employees never reuse passwords for multiple sites.

You may have heard of credential stuffing, a type of cyber attack that is effective thanks to the common behavior of using the same password for multiple logins. In a credential stuffing attack, a cybercriminal uses automation to test passwords stolen from one site to gain fraudulent entry to other sites.

If employee password information is compromised in a breach outside of your organization, your system is vulnerable if that same password is used at the office. To help employees avoid reusing passwords, see the next tip.

3. Deploy a password management tool.

Reusing passwords is common because it’s nearly impossible to remember login data across all the digital platforms and sites we access regularly. A password management tool, such as LastPass, will help employees securely store and populate passwords so they don’t rely on the ones they can easily remember – which are, naturally, the weakest kind.

Password managers also feature tools for generating more secure passwords that are longer, more complex and not as easily crackable.

4. Audit passwords regularly.

Just one weak employee password can grant a cybercriminal entry, exposing your entire system to malicious attack. The National Institute of Standards and Technology recommends taking measures that prevent the reuse of passwords that have been previously exposed in a breach.

Ask employees to conduct regular checks to ensure they aren’t using breached passwords. The website HaveIBeenPwned.com provides a downloadable resource of compromised passwords that can be used to cross-reference against passwords currently in use at your organization. (Important note: Never type a password into this page. Scroll down and download the breached passwords list.)
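The offline cross-reference described in tip 4 can be done without the candidate password ever leaving the machine. The sketch below is an added example, not part of the original article; it assumes the downloaded list holds one uppercase `SHA1:COUNT` entry per line, sorted by hash, and the function names and sample counts are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha1_hex(password: str) -> bytes:
    """Uppercase hex SHA-1, the entry format assumed for the downloaded list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode("ascii")

def breach_count(password: str, list_path: str) -> int:
    """Binary-search a hash-sorted 'SHA1:COUNT' file; 0 means not listed."""
    target = sha1_hex(password)
    with open(list_path, "rb") as f:
        def line_after(offset: int) -> bytes:
            # First whole line starting after `offset` (or the line at 0).
            f.seek(offset)
            if offset:
                f.readline()  # discard the partial line we landed in
            return f.readline().strip()

        lo, hi = 0, os.path.getsize(list_path)
        while lo < hi:  # find the first entry whose hash is >= target
            mid = (lo + hi) // 2
            line = line_after(mid)
            if not line or line[:40] >= target:
                hi = mid
            else:
                lo = mid + 1
        line = line_after(lo)
    digest, _, count = line.partition(b":")
    return int(count) if digest == target else 0

def build_sample_list(passwords_with_counts: dict) -> str:
    """Write a small constructed stand-in for the real download; returns its path."""
    rows = sorted(sha1_hex(p) + b":" + str(n).encode("ascii")
                  for p, n in passwords_with_counts.items())
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as f:
        f.write(b"\n".join(rows) + b"\n")
    return path

if __name__ == "__main__":
    # Constructed sample data: the counts are illustrative, not real figures.
    sample = build_sample_list({"password": 9000, "letmein": 120, "qwerty123": 45})
    for candidate in ("letmein", "correct horse battery staple"):
        n = breach_count(candidate, sample)
        print(candidate, "-> reject" if n else "-> ok", n)
    os.remove(sample)
```

Because the lookup seeks within the file instead of loading it, the same function works on a multi-gigabyte list, and it can be called at password-change time to refuse a new password that already appears in a breach.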

The old adage has never been truer: an ounce of prevention is worth a pound of cure. These four password practices can significantly up your credit union’s cybersecurity game, not only because they make it harder for the bad guys to get in, but also because they strengthen your internal defenses by more richly engaging the frontline in your cyber defense strategy.

Corey Skadburg

Corey Skadburg is the Chief Operations Officer for BrightWise, which provides training courses that raise awareness about cybersecurity threats and engage employees to become the first line of defense. As ... Web: www.bright-wise.com