When news broke that passwords may have been compromised at some very popular web sites, I immediately thought “Where else am I using that same password?” I, like many others, sometimes reuse passwords even though I know better.  The last 48 hours of password leaks should serve as a wake-up call for consumers and businesses alike.

The fact is that, even in the workplace, users are likely to utilize the same password to access any number of personal and business resources. It’s a big problem and businesses can lose millions of dollars if just one employees’ account is compromised, leading to the loss of sensitive corporate data.

So, what are we to do? Rather than dive into salted hashes, see my colleagues post on What’s @ Stake for information on that, for this post I think it’s important to focus on best practices to protect your information.

There are several steps that both businesses and individuals can take to improve their level of protection around passwords.

Enterprise Information Protection Best Practices

Symantec strongly encourages organizations to follow information protection best practices to avoid data loss including:

• Educate employees on information protection policies and procedures, then hold them accountable
• Implement two factor authentication
• Integrate information protection practices into businesses processes
• Assess risks by identifying and classifying confidential information
• Deploy data loss prevention technologies which enable policy compliance and enforcement
• Implement an integrated security solution that includes reputation-based security, proactive threat protection, firewall and intrusion prevention in order to keep malware off endpoints
• Establish automated policy compliance solution to detect and remediate areas of non-compliance immediately
• Proactively encrypt laptops to minimize consequences of a lost device

Consumer Best Practices

Consumers also need to be in the know. The Norton division of Symantec encourages consumers to take proactive steps to protect themselves:

• Consumers who think their personal or financial information might have been accessed by a cybercriminal should immediately change usernames and passwords for their online accounts and replace bank accounts or credit cards that may have been affected.
• Prevent hackers from accessing your information by protecting your computer from targeted malware attacks with a comprehensive Internet security solution like Norton Internet Security or Norton 360.
• Follow password best practices: Make sure your password for computer and online accounts is long, difficult to guess and changes frequently. This basic protection will prevent data breach in the event of your computer being stolen, or should a hacker intrude on your network.
• Create complex passwords that are hard to guess and change them regularly.
• Use different usernames and passwords for each online account so if one account is compromised, cybercriminals won’t be able to gain access to other online accounts with the same username and password.
• Consider using a free password manager like Norton Identity Safe, to eliminate the hassle of remembering multiple passwords while keeping your personal information secure.

And, I’m curious, how many passwords did you change this week?