Welcome to CyberSavvy, Cybersecurity Awareness for all

5 Essential Security Tips for Businesses:

  • Strong password policies
  • Keep software and systems updated
  • Educate employees on cybersecurity awareness
  • Regularly back up critical data
  • Restrict access to sensitive data/information

How to create a strong password policy

Creating a strong password policy involves setting guidelines that encourage users to create secure passwords and protect sensitive information. Here's a step-by-step approach to designing an effective password policy:

🔑 1. Define Password Complexity Requirements

  • Length: Minimum of 12–16 characters. Longer passwords are more secure.
  • Character Variety: Require at least one uppercase letter, one lowercase letter, one number, and one special character.
  • Avoid Common Words: Disallow commonly used passwords like 123456, password, or qwerty.
  • No Personal Info: Prohibit using names, birthdays, or usernames in passwords.

⏳ 2. Set Password Expiration and Reuse Limits

  • Expiration: Change passwords every 90–180 days. However, if you enforce strong passwords and MFA, frequent changes are less necessary.
  • Reusability: Prevent users from reusing their last 5–10 passwords.

🔒 3. Enable Multi-Factor Authentication (MFA)

  • Require an additional authentication method, such as a mobile app code, biometric scan, or hardware token, especially for sensitive accounts.

🚨 4. Implement Lockout and Monitoring Mechanisms

  • Account Lockout: After 5–10 failed login attempts, lock the account temporarily.
  • Monitoring: Log login attempts and notify users of suspicious activity.

📚 5. Educate Users

  • Conduct regular training on password hygiene and phishing awareness.
  • Encourage the use of password managers to store complex passwords securely.

🔧 6. Enforce Secure Storage and Transmission

  • Encryption: Store passwords using strong, salted hashing algorithms (e.g., bcrypt).
  • Secure Transmission: Use HTTPS to protect passwords in transit.

How to create a strong password

NCSC Guidance:

The National Cyber Security Centre (NCSC) recommends creating strong passwords by combining three random words. The NCSC also recommends avoiding predictable passwords and using a password manager. 

  • Use a combination of words: Combine three random words to create a strong password. 
  • Avoid predictable passwords: Don't use common passwords like "passw0rd" or passwords that include your birthday, pet name, or favorite sports team. 
  • Use a password manager: A password manager can help you manage your passwords. 
  • Make your password long: The longer and more unusual your password is, the harder it is to crack. 
  • Make your password unique: Use a different strong password for each account. 

Non NCSC Guidance:

  • At least 12 characters long but 14 or more is better.
  • A combination of uppercase letters, lowercase letters, numbers, and symbols.
  • Not a word that can be found in a dictionary or the name of a person, character, product, or organization.
  • Significantly different from your previous passwords.
  • Easy for you to remember but difficult for others to guess. Consider using a memorable phrase like "PasswordLocked0ut!".

The importance of Encryption

Encryption is crucial for protecting sensitive data from unauthorised access. It transforms readable information into an unreadable format (ciphertext), which can only be decrypted with the right key. Here’s why encryption matters:

🔒 1. Data Protection

  • Encrypting stored data ensures it remains secure, even if the storage device is compromised.
  • Encryption protects data while it's being transmitted across networks, preventing interception by attackers.

👁️ 2. Privacy and Confidentiality

  • Encryption ensures that only authorised users can access sensitive information, safeguarding personal data, financial records, and intellectual property.

🛡️ 3. Defense Against Cyber Threats

  • It protects against threats like hacking, phishing, and man-in-the-middle attacks by making intercepted data unusable without the decryption key.

📜 4. Regulatory Compliance

  • Many regulations, such as UK GDPR, EU GDPR, HIPAA, and PCI-DSS, require encryption to protect sensitive information. Non-compliance can lead to very big fines/financial loss

🔑 5. Integrity and Authentication

  • Encryption ensures that data hasn’t been altered during transmission and can confirm the authenticity of the sender.

🕵️ 6. Protection Against Insider Threats

  • Even if someone inside an organisation gains access to data, encryption ensures they can't read it without proper authorization.