You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are careless with passwords.
Change Passwords – Most security experts recommend that companies change out all passwords every 30 to 90 days.
Require passwords that mix upper and lowercase, number, and a symbol.
Teach employees NOT to use standard dictionary words ( in any language), or personal data that can be known, or can be stolen: addresses, telephone numbers, SSNs, etc.
Emphasize that employees should not access anything using another employee’s login. To save time or for convenience, employees may leave systems and screens open and let others access them. This is usually done so one person doesn’t have to take the time to logout and the next take the effort to log back in. Make a policy regarding this and enforce it. If you see this happening, make sure they are aware of it.
These are just a few basic password hints, but they can make a difference.