Law Firm Password Policies…Do You Enforce Them?
Got the idea for this blog after writing up our second CLE course on client data security and ethics. A desktop password is more important that you think. It’s the gateway to all your client data on your network. If someone can guess your password or even worse, knows your password, your putting your client data as well as your ethical obligation to your clients in jeopardy. A good way to stay on top of this is to change your password every 60 days. If your network has a domain controller or server, this can be done easily and automatically, prompting you to change your password every 60 days on login. Another easy way to enforce a password policy in your office is to make sure passwords stay different when it comes to Windows, Quickbooks, PClaw, or any other application. Keep these passwords separate. If they are the same, then the intruder now knows all of your passwords. Everyone keeps 3 to 4 passwords in their brains, try to mix it up a bit when it comes to work related things. Also, keep work passwords and personal passwords like banking separate.
Another issue with passwords is that there is usually someone in the office with all the passwords for all the PC’s. They should only be management or I.T.. Your office should have only 1 person with the password list, not 4. In the case of one of our clients, the client did not listen to password policy and distributed password lists to multiple employees. One of them was let go, and everyone had to scramble to change passwords which was a nightmare. The other problem I see with passwords is when everyone has the same password! Often for ease, people are setup with the same password so that other users can log on to other workstations without having to remember multiple passwords. If I’ve said this once, I’ve said it a thousand times, 1 person per workstation, there should be no sharing unless the workstation is separate from the office network.
The final tip I have for you in terms of password policy is to NOT choose any popular passwords. Below is a graphic of all popular passwords. The larger the font, the more popular the password. Check it out and try to focus on the importance of password policies, not just the convenience of having an easy password. They are there for a reason, and for the betterment of your client data security and confidentiality.