January Best Practice - PASSWORDS

One of the first steps in cleaning up your Cyber Health is looking at your password management. We all know passwords are a weak point in many organizations. An obvious password can be hacked, a compromised password can be used to log in to sensitive data, and an old password runs the risk of either being previously compromised or being used to guess newer passwords you may be using.

So what is the best way to fix all of this? First, consider implementing a password manager. There are many free or paid applications that can help with this for personal use. For a healthcare practice, consider a program like MyGlue that can securely store all the passwords needed in your organization. These applications have the added benefit of automatically creating new, hard-to-guess passwords for you, so you don’t have to come up with a new 12-digit string of nonsense every time you need to use a new program.

Second, create and implement standard practices for password expiration. Even a good password will stop being secure if you give it enough time. 90 days is a good target for password expiration to critical business applications. This ensures that if old passwords get hacked or compromised, the credentials in your organization are always being updated.

Third, as always, DOCUMENT and IMPLEMENT these practices! One weak link can break a chain. One employee being careless could compromise your network, your data, and your patient’s information! From the CEO to the RN, every healthcare provider must follow best practices for the cyber health of your practice.