Protect your passwords: 4 key tips to deter cybercriminals

On our neighborhood NextDoor group, people routinely post about criminals rooting through unlocked cars parked in driveways. No one ever posts about criminals actually breaking into locked cars or stealing cars from driveways. The criminals are just looking for a quick and easy score. If a car is locked, they move on. The obvious conclusion: Lock your car! Yet people continue to leave their cars unlocked in their driveways because they think it’s safe.

Companies large and small make this same exact mistake when it comes to storing and managing their social media passwords.

Let’s just say this for the record. Cyber criminals are out there. They are smart. They are persistent. They are highly motivated and they have lots of time. If you manage social media for a company, you should do everything you can possibly do to keep your passwords safe. They are literally the keys to your entire social media kingdom. And yet for some reason, many of the world’s largest companies do a really bad job of this. They are in fact, leaving their social media car unlocked in the driveway.

 Here are four key things to do to improve your password security dramatically.

• Store your passwords securely. Do not store your passwords in any of the following ways: a sticky note, a Notes file on your phone, a big Excel spreadsheet, a PDF (even a password-protected one), a shared document stored in an unsecured location. Especially if your company passwords are shared amongst several users, you should have an encrypted secure place to store them, or even better, a tool like LastPass or Keeper Security that adds another layer of protection by storing your passwords in a secure vault and allowing users to use the password without being able to actually view the text of the password. If you have the passwords printed out on paper as a backup, make sure that paper is stored in an extremely secure place like a safe. Make sure you shred any copies that are no longer needed.
  
  Set criteria for your passwords. There’s a reason every major website asks you to include numbers, letters, symbols and a certain number of characters in your passwords. The more complex the password, the harder it is for criminals to guess or hack. One of my cyber security friends once told me that an extremely secure password is a combination of totally random words that don’t normally go together and a series of numbers and letters. In my days managing social media for a big company, I saw hundreds of terrible passwords. Your passwords should never contain:

  1. Just one single word all by itself

  2. The name of your brand or company

  3. The words password, querty or letmein

  4. A sequence of numbers in order like 123456

  If you are responsible for passwords at your company set criteria just like all of those major websites. “All of our passwords must be X characters long, include letters, numbers and symbols,” etc.

• Create processes for your passwords. A general rule of social media governance is that people will make up the rules unless you define them. So create rules for your organization. These should include a standard operating procedure for how passwords are selected and stored. There should also be SOPs for how passwords are shared with users who need to know them as well as what happens when someone who knows the password leaves the company. Finally, your process should include routine changing of the passwords on a regular schedule. Change all passwords every three months or so. And remember that for platforms like Facebook and LinkedIn – where users access business accounts via their personal pages – that would mean people need to change their personal passwords on that schedule as well.

• Include ALL your passwords. One key mistake people and companies make is forgetting that there are a lot of “social adjacent” passwords as well. So while you might focus on your passwords for Facebook, Twitter, LinkedIn, etc., remember the passwords for tools that are connected to your social media accounts like Hootsuite, Bitly, etc. Over the course of a year, it is totally possible for one account to be connected to a dozen or more of these third-party apps. Make sure you know what’s connected to your accounts and include those passwords in this process. Otherwise you may have left the window down even though you locked the door.

If you do just these four things, you will make your password management substantially more secure and dramatically increase the likelihood that the cyber criminals will move on to an easier target. Remember they’re looking for an easy score. Make sure you lock your doors.