Skip to content 
This insight is part of a series of cybersecurity insights for Cybersecurity Awareness Month, recognized each October. Each article features a corresponding poster with CaseWorthy’s weekly cybersecurity tip that organizations can download and display for their employees. Week one focuses on password hygiene. See all of our resources as they’re published in our Cybersecurity Awareness Month Toolkit here.
Nonprofits, government agencies, and human services organizations have a profound responsibility to protect sensitive data. One critical aspect of cybersecurity is password hygiene. In this article, we will explore the importance of robust password practices and provide guidelines for enhancing password security within these organizations.
Many organizations consider the mere existence of a password to be sufficient, but this is certainly not the case. According to security.org (see table), short and non-complex passwords can be ‘cracked’ (broken) almost immediately.
Enforce strong passwords.
Require users to select passwords at least 12 characters long, including at least one uppercase letter, number, and symbol which are changed every 90 days. Even better, encourage the use of long pass phrases that are easier to remember but more difficult to crack; these may only have to be changed annually.
Avoid old passwords.
Encourage users to change their passwords regularly, ideally every 60 to 90 days. Implement a system that enforces password changes and prevents reuse of recent passwords.
Old may be compromised and available to threat actors online. You can check some of these yourself using the website https://haveibeenpwned.com.
Do not reuse passwords.
This is the practice of using unique passwords for every account you may use. Statistics show that during a Microsoft study over just three months from January to March 2020, 44 million users used the same password on more than one account. Similarly, a 2019 Google study found that 52% of users reused the same password on more than one site while 13% used the same password for all of their accounts. This makes your corporate password as insecure as the weakest security of another site using the password, so this is a practice to avoid.
Use a password manager.
The easiest way to ensure good password security is to use a password manager, also referred to as a password vault. These types of software can generate complex unique passwords for your accounts and save those for you so that all you have to do is remember one master password to get into your manager.
The protection of sensitive information is a top priority for health and human services organizations. Robust password hygiene is an essential component of a comprehensive cybersecurity strategy. By following the guidelines outlined in this article and fostering a culture of security awareness, these organizations can significantly reduce the risk of data breaches and maintain the trust of their clients and stakeholders. Remember, strong passwords are not just a necessity; they are the foundation of a secure digital future in the healthcare and human services sector.
Get more free cybersecurity tips in our Cybersecurity Toolkit!
CaseWorthy is a family of products helping organizations to combine their program data and business operations into a single scalable solution. CaseWorthy strives to maintain the highest level of information security to protect its systems, data, and clients. To demonstrate its commitment, it maintains HITRUST and SOC 2 certifications to certify the program through independent third party evaluation. Our commitment extends beyond compliance; it’s a proactive approach that drives us to continuously invest in cutting-edge technologies, adopt best practices, and foster a culture of security awareness among our team. By collaborating with industry experts, sharing insights, and staying vigilant against emerging threats, we contribute to the collective resilience of the business community and demonstrate our dedication to a safer digital world for all.