Cyber security is a critical issue in the 21st Century - whether operating as an organisation or as in individual in our daily lives. Cyber security encompasses the protection of computers and devices like smartphones or systems from accidental or intentional malevolent attack.
One key component of a strong cyber protection plan is passwords. Passwords control access to your data, the accounts you use and also the devices you use. Another user should not be able to read, change, or delete your data, or access your systems without knowing the password. The following bullet points set out some key advice from the National Cyber Security Centre (NCSC) about developing secure passwords:
- Create strong passwords - avoid using predictable passwords (such as dates, family or pet names). Do not use 'Password' or iterations such as 'Pa55word';
- Try to use different passwords on each of your accounts;
- If you do use the same password on multiple accounts, make sure the password for your email account is separate. Since this is where any password reset options will be sent, it is the most important of all your passwords;
- To create a memorable password you can try using three random, unrelated words, such as coffeegardengiraffe;
- Many password systems will also require you to use a mix of upper case, lower case, symbols and numbers - so you could use the above as CoffeeGardenG1raffe?;
- Do not use coffeegardengiraffe or CoffeeGardenG1raffe? !!;
- If you do need to write password reminders, try writing them in code, for example, CGG could help remind you or CGG1? if you use the second version with numbers and symbols;
- Never share passwords; and
- Never leave devices logged in and unattended.
In 2019, the NCSC published details of the most commonly used passwords, which included:
- 123456 - which was used 23.3 million times;
- 123456789 - used 7.7m times;
- qwerty - used 3.8m times;
- password - used 3.6m times; and
- Names such as 'Ashley', 'Michael, and 'Daniel' are also popular, as are premier league football teams, musician and other common, guessable entities.
You can read more about hacked passwords and creating secure passwords on the NCSC's website.
ENTRUST believes it is an essential task for all organisations to deactivate, or remove access to systems that members of staff (or volunteers) have access to, when they leave the organisation.
Enrolled Environmental Bodies (EBs) should also make sure that when their staff or volunteers leave the EB, they are removed from ENTRUST Online (EOL) as users. This protects the company from the former employee accessing or updating the records we hold on EOL about your EB. It also ensures that you are protecting any personal data (such as names, addresses and telephone numbers of EB contacts and Governing Members) under the General Data Protection Regulation (GDPR). It is also a requirement, under the Landfill Tax Regulations (1996) to keep up to date records of EB contacts and Governing Members (eg Trustees and Directors).
If you need any help to update your EB records and/or to remove former employees or volunteers please contact our Helpline on 01926 488 300 or email Helpline@entrust.org.uk