I'm looking for ways to stop employees from sending passwords through email. Training them not to do it is one approach, but I'm curious if there are systems that can alert or block emails containing commonly used passwords. I recently saw an employee email a company and get a password back in plain text, which raises concerns.
3 Answers
The first step is to provide employees with a secure method for sharing passwords without using email. Proper training on how to utilize these methods is crucial. After that, you can implement data loss prevention (DLP) tools to help monitor this issue, but flagging emails with phrases like 'use this password' might be your best bet for a start.
It's worth asking what types of passwords are being shared. Are they just updating everyone on a shared account's password? Consider investing in a password manager that supports secure password sharing—this could really streamline things. If constrained by budget, free open-source password managers could be your solution!
You could set up scripts that convert passwords into asterisks (like 'hunter2'). DLP tools can also assist in preventing this, depending on your current tech setup and budget. However, establishing a clear policy is essential—collaborate with HR to create guidelines that state passwords shouldn't be sent via email, and outline the consequences for anyone who doesn't follow those rules.
Great advice! But honestly, is it really that surprising? Not emailing passwords has been a security best practice for decades.