With Tuesday 6 February marking Safer Internet Day at CourtHeath we think it is timely to talk about how to use passwords the ‘right way’ in procurement.

Passwords are the key to our electronic worlds and yet, many of us are not that sensible about using them. Would you leave the house empty and the key in the door? Or the car open, with the key in the ignition? Well, sometimes without thinking, people are doing the ‘electronic equivalent’ of just this with their passwords. 

During a procurement process, we are often privy to highly confidential information, such as tender evaluation reports or draft specifications. This is information that only a closed circle of personnel should be permitted to access. And with this in mind, it may be a good idea to add an extra layer of security to procurement documents by making them password-protected.

The following are some easy to follow ways to make sure that you are not unwittingly leaving confidential electronic information exposed to people outside of the procurement process or accidentally locking yourself out of the records you have created to demonstrate a defensible procurement process.

The first and most important step you should take is to use strong passwords.

So what does a strong password mean? It means that your passwords should not be easy to guess. It is not a good idea to use your pet’s name or your date of birth. Think about using a sentence or a phrase – and this could be about your pets if you like! If the character limit allows something like, ‘I have 2 chihuahuas who like long walks’ might work. If you are limited in characters you could use the first letter of each word ‘Ih2cwllw’. Some administrators require that you use a combination of lower case and capital letters as well as numbers, and sometimes symbols ‘I spend lots of $ on my 2 chihuahuas’ could become ‘Islo$om2c’.

Generally speaking, you should try to use different passwords for different documents. This will reduce the risk of a ‘hacker’ being able to access all of your procurement records by guessing a single password. The same applies, of course, to using different PINs with your personal bank accounts. You don’t want a thief who gets access to your purse or wallet to guess one number and gain access to all of your accounts.

Remembering passwords can get out of control for all of us.

If you need help, consider investing in a password safe app to manage them for you. Alternatively, the old fashioned method of writing your passwords down and hiding them well away from your devices can work. At the conclusion of a procurement process, it is wise to collate your passwords into a single document that is saved securely away from your other procurement documents. This will ensure that your procurement records remain accessible and auditable. 

The most critical, and yet most forgotten, principle of securing your devices is physical security.

Don’t leave unsecured devices such as phones, tablets, laptops, USB keys or other removable media lying around. While it is true that portable devices are very easy to steal and USB keys are easy to lose, devices with unlocked screens may also provide free access to whatever is open and unlocked on your device. While it may be okay to log into internet banking or open a password protected document at home and then go and get yourself a cup of coffee, this is not something that you should ever do in the workplace. You may also be putting your professional reputation at risk by providing an opportunity for someone else to action or access sensitive procurement documents under your log-in, or even worse, sending emails including the documents or other sensitive information from your email account. It should be your standard practice to lock your screen whenever you move away from your desk or office.

Confidential procurement information should only be put onto a USB key if the documents are password protected or the USB is encrypted. But even then, if you leave your laptop unlocked when you leave your desk and the documents are open, they are not secure at all.

Securing your files and devices is just as important as securing your home, and your personal belongings; but it need not be hard. Following these simple tips will certainly set you in the right direction. Happy Safer Internet Day!

* * *

Image by Stavros Sakellaris.