The global spotlight on cybersecurity may have you wondering, “Am I doing enough to keep my systems and my customers safe?” You’re not alone. From individuals to small business owners to global corporations, the pressure is on to safeguard our systems… And we are here to help. This post is part of a series on utility cybersecurity. In it, we will cover key things you can focus on today to make your systems more secure.

I grew up in a small town in Georgia. It was not uncommon to leave our keys in the car – doors unlocked and windows down! It was so convenient to have your keys exactly where you needed them. I never had to worry about losing them. But the thought of losing my car was nowhere in mind.

When I mention this habit to my kids, they are astounded. Car theft is more common these days, so it’s ingrained in them to lock the car doors and take the keys inside. No doubt it’s a mild inconvenience, but it’s much less inconvenient than someone else driving away with our car.

This evolution of car security habits reminds me of how we approach cybersecurity and more specifically, password management. Just 15 years ago, it was secure to have a single, uncomplicated password and not change it. Cybersecurity was only a mild concern. The dangers were limited and the effects were mild. For most of us, convenience trumped concern.

Today, cybersecurity risk and complexities require a more sophisticated approach to password management. Cybercriminals are evolving and we have to evolve with them. The best approach is to protect access to systems in a reliable way with strong confidentiality, availability and integrity.

Here are 5 simple steps you can implement today to help your organization stay on top of industry best practices:

  1. Educate your organization on good password management and best practices. Remember when I said cybersecurity is a partnership? That applies to your entire organization. Your systems are only as safe as your collective weakest password and password management. Require password rotation regularly and increase complexity with your employees. Educate them about the importance of password management and security. Implore them to not be a weak link in your organization’s cybersecurity chain.
  2. Where possible, implement multi-factor authentication (MFA). This simply means that employees must confirm via a secondary device or system when logging in. There are many off-the-shelf MFA devices out there and plenty of commercial applications. MFA is more complex, but with MFA in place, your security position is greatly enhanced should passwords leak.
  3. Implement short password rotation schedules. Your organization’s strongest defense against password leaks is to change passwords frequently. This helps ensure that if passwords are leaked, the time that they are usable for an attack is short.
  4. Require password complexity, including password length, blend of upper and lowercase and special characters. Encourage employees to not repeat passwords across logins.
  5. Move toward implementing Identity and Access Management (IAM). IAM is a more sophisticated approach to managing roles and access privileges. The core objective is to bring users and devices under one digital identity that grants access to assets only as appropriate. Learn more in CSO Online.

We consider ourselves your partner in technology and understand that our customers are on varying points in their cybersecurity journey. We are focused on providing simple best practices that you can implement no matter your level of expertise.

If you have questions on implementing the above, please reach out. We are more than happy to share what we have learned and point you in the right direction to implementation. You can also learn more about cybersecurity from Xylem’s Chief Information Security Officer, Nick Nedostup, in this post and about Xylem’s position on cyber risk in the water sector in this brochure.

Up next, I’ll be covering how to prevent phishing. I invite you to follow along!