Five reasons why you need a business password policy

Blogs 17 Mar 2021

From preventing unauthorised access to your accounts to helping your team to understand their responsibilities, learn how a password policy can strengthen your defences against cybercrime.

An image of a laptop on the lap of a person wearing a yellow jumper

No matter how small your business is, you need a clearly defined password policy. Passwords are often your first, but not only, line of defence against unauthorised access. So how can you make sure that your passwords are protected?

Experts at FSB Cyber Protection explain what a password policy should include and share five reasons why you need a password policy in your business.

What is a password policy?

A business password policy is a set of rules that you and your team follow to increase cyber security and reduce the risk of the bad guys getting access to your systems. A password policy will contain details about:

  • how often passwords should be updated
  • where they should be stored (e.g. in a password manager)
  • the requirements for password complexity
  • acceptable use
  • best practices

You might choose to add your password policy to your staff handbook so that everyone in your organisation is aware of the correct procedures to follow. The National Centre for Cyber Security has further guidance on secure password strategies you can implement. 

Why is having a password policy for your business so important?

Whether it’s your business’ social media channels, email accounts or customer information, keeping your digital assets safe protects your reputation and your bottom line.

It protects you against cyber-attacks and data breaches

Safeguarding your business’ data and customer details is of paramount importance and there are countless consequences that a cyber-attack or data breach can have - financially, professionally and legally.

A password policy that works to prevent repeat passwords from being used across multiple accounts and platforms can help to make you less of a target for cybercrime.

It helps to prevent unauthorised access

You know who has access to your safe or business premises, but who has access to certain business accounts? How do you control their access to the account details?

Using a password manager means you can see at a glance who in your team has access to different accounts, or what accounts you have that are related to your business. Many also have a feature where you can authorise someone else to use the password without seeing it, thereby stopping the password from being inadvertently leaked.

It makes sure your procedures are followed consistently

It’s key that the advice within your policy is followed consistently, from the top down, throughout the entire organisation, in order to minimise any weak links. 

This can have a wider impact on your reputation in the eyes of customers and clients, as you can show you’re prioritising security and their data privacy - especially if you’re handling confidential information.

It encourages two-factor authentication and extra security

Using two-factor authentication adds an extra layer of protection to an account. It also blocks log-in attempts from new or unknown locations, even if the password entered is correct, and will ask you to verify your access with a code. This is done through an authenticator app or a text or call to a trusted number linked to the account.

A password manager promotes extra security by helping to prevent users from sharing passwords between accounts. Using the same passwords and log-in details across multiple platforms or websites can lead to security issues if just one account is compromised or part of a data breach. Cyber criminals will then attempt to access other accounts using the same details; this is a very effective technique for the bad guys.

It keeps your team informed

Cyber security can seem daunting, but if your team understands the processes to follow and know what’s expected of them, it can help employees to be aware of cyber threats in both their day-to-day role and their personal lives.

As employees come and go in your business, you might be concerned about data leaving your business. You can check in the settings of most accounts to see which devices are currently linked, revoke their access remotely and remove any unauthorised devices.

Is your security up to scratch?

FSB members have access to FSB Cyber Protection, which provides downloadable guides and templates, backed up by limited cyber insurance. 

Your best defence against cyber-attacks

Protect against unseen threats. Help your business stay in the clear with cyber security support you can trust, backed up by cyber insurance designed for small businesses. Let’s get started

find out more