Q. We have recently had major staff turnover in the practice and I am aware that many of the old passwords are still active. Should I disable them?

A. It is really important to actively manage user names and passwords in the practice. When a staff member leaves practice employment, their user name and password should be disabled. If you have not reviewed user names and passwords in a while then now is a good time. The publication No Data No Business, available from www.icgp.ie/gpit says: "Staff should use their own individual accounts when logging onto Windows and when logging onto the GP system. In the event of accidental or malicious damage to data, with proper auditing enabled, it is possible to trace back to the account that caused the damage. Strong passwords should be set up on each account.

Password 'dos':

• DO use a password of at least eight characters
• DO use a random mixture of characters, uppercase, lowercase numbers and punctuation
• DO change passwords regularly
• DO use a password that can be typed quickly. This makes it harder for someone to steal your password
• DO choose a password that you can remember
• DO use the first letter of each word from a sentence or a line from a poem or song.