HR professionals play a crucial role in safeguarding their workforce from cybersecurity threats by implementing people policies that promote awareness.
After experiencing the distressing consequences of being hacked on two separate occasions, former technology journalist Matt Buchanan established global Change Your Password Day in 2012, as shared by KnowBe4.
This day is now observed on 1 February each year, with a view to encouraging individuals and organisations to update their passwords regularly as a cybersecurity measure.
Many people use the same password across multiple sites, which leaves them vulnerable if one account is compromised. This is even more the case for the elderly, who often fall prey to cyber scams. This article is therefore a reminder to change your weak, reused, or old passwords, and to help those within your ecosystem at work or at home who may need assistance.
Best practices for stronger passwords:
- Use unique passwords for different accounts.
- Create long passwords (at least 12–16 characters) with a mix of letters, numbers, and symbols.
- Avoid common passwords like '123456' or 'password' (check out our list of the most commonly hacked passwords).
- Enable multi-factor authentication (MFA) for added security.
- Consider using a **password manager** to generate and store complex passwords securely.
Here are some cybersecurity strategies to consider:
1. Cybersecurity awareness & training
- Provide regular training sessions on phishing, password hygiene, and data privacy.
- Conduct controlled phishing tests to assess and improve employees’ ability to spot scams.
- Educate employees about impersonation scams, business email compromise (BEC), and deepfake threats.
2. Strong authentication & access controls
- Require MFA for all critical systems, including HRIS and payroll platforms.
- Limit access to sensitive HR and payroll data based on job roles and responsibilities.
- Implement security measures that lock accounts after multiple failed login attempts.
3. Secure password policies
- Use longer, complex passwords with a mix of characters.
- Implement tools that prevent employees from using compromised passwords.
- Provide secure enterprise password managers to reduce password reuse.
4. Data protection & privacy policies
- Ensure that HR and employees understand data privacy laws (e.g., GDPR, PDPA).
- Store sensitive HR data in encrypted systems with strict access controls.
- Conduct routine reviews of employee data security policies and compliance.
5. Remote work & device security
- Require personal devices to have up-to-date security software and VPN access.
- If possible, issue company-managed devices with pre-installed security controls.
- Ensure all systems and devices are updated with the latest security patches.
6. Incident response & reporting culture
- Employees should report suspicious emails, data breaches, or credential leaks without fear of punishment.
- HR and IT teams should work together on incident response plans, including rapid account lockdowns in case of breaches.
- Have a clear communication protocol for informing employees about security threats.