Small and medium-sized businesses (SMBs) need a multi-layered cybersecurity defense. A layered approach includes the “human” layer, which incorporates security best practices and policies. An often overlooked element of this layer is password management. Credential management is more important than ever, as the majority of SMB breaches are due to leaked or stolen passwords from employees, 81% to be exact. The easiest way to protect one’s passwords is to use a unique and strong password, but with so many passwords, this is becoming difficult. One Google study revealed that 52% of respondents are reusing their passwords. Imagine if half your employees were recycling their passwords. This means that if one account gets compromised, all of that employee’s accounts are now vulnerable, putting business data at risk. We recommend including a password management policy and tool, like LastPass, in your company cybersecurity strategy.
The average person has 100 passwords to keep track of. (Source: NordPass)
What is a business password manager?
A password manager, also known as a credential manager, is a secure vault where people can store their passwords. Most password managers also help users generate strong and unique passwords. While password managers have been around for years, their use in SMBs is currently not widespread.
Why does your business need a password manager?
In the workplace, just like in our personal lives, the number of password-protected accounts we access has proliferated, and this has resulted in two major problems: password reuse and weak passwords. Both of these problems put your business at risk. A password manager will reduce this risk and make the process of generating and securing those passwords easier. Trying to keep track of all of our passwords is a hassle and can be time-consuming. Think about how many times you have had to reset a password. With a password manager, employees only need to remember one master password. Other common poor password practices include writing passwords down on devices (yes, this still happens!), sharing passwords with colleagues and not changing passwords frequently enough.
In recent years, many businesses have started using Single-Sign-On (SSO). While this is available for many applications, it is not available for all, and a password manager is needed to secure those other accounts. Combining SSO with Multifactor Authentication (MFA) and a password manager ensures that your business gains control over every access point.
Why adopt a Password Manager?
- A password manager makes the process easier
- A password generator means no more weak passwords
- Reduced threat of data breach
- Stronger cybersecurity
We’ve partnered with LastPass to provide our clients with better password security. LastPass is a password manager and SSO solution that secures your data and syncs to any computer or mobile device. You only need to remember your LastPass master password, and LastPass enters all of your usernames and passwords for you. Here are just some of its features:
- Corporate/business control
- Vault for every employee
- Passwordless login
- Password generator
- Save and autofill passwords
- Shared folders
- Offline mode
- Dark web monitoring
Two common concerns when considering a password manager are the security of the tool itself and what happens in the event of a lost master password. Firstly, LastPass uses local-only encryption, which means that only the user can decrypt and access the data. They also use AES-256 bit encryption with PBKDF2 SHA-256 and advanced cloud security. Secondly, an account can be recovered in the event of a lost or forgotten password: a new master password can be created through a recovery process that involves decrypting the user’s vault.
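A sketch of what local-only encryption means in practice, as an added example that is not LastPass code and not from the original article: the key is derived on the device with PBKDF2-HMAC-SHA256, and the service stores only a salt, an iteration count and a one-way verifier. The function names, the iteration count and the verifier label are assumptions; the AES-256 step that would use the key is left out because Python's standard library has no AES.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this sketch, not a vendor setting


def derive_vault_key(master_password, salt, iterations=ITERATIONS):
    """Client side: stretch the master password into a 256-bit (AES-256 sized) key."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def login_verifier(vault_key):
    """Client side: one-way value that proves knowledge of the key without revealing it."""
    # Hypothetical label; HMAC keeps the verifier separate from the key itself.
    return hmac.new(vault_key, b"login-verifier-v1", hashlib.sha256).digest()


def enroll(master_password, iterations=ITERATIONS):
    """Return (vault key that stays on the device, record the service stores)."""
    salt = os.urandom(16)
    key = derive_vault_key(master_password, salt, iterations)
    record = {"salt": salt, "iterations": iterations, "verifier": login_verifier(key)}
    return key, record


def unlock(master_password, record):
    """Re-derive the key locally; return None if the password is wrong.

    In a deployed service the verifier comparison happens server side;
    it is done here so the sketch runs offline.
    """
    key = derive_vault_key(master_password, record["salt"], record["iterations"])
    if hmac.compare_digest(login_verifier(key), record["verifier"]):
        return key
    return None


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    key, record = enroll("correct horse battery staple")
    print("service stores:", sorted(record))
    print("right password unlocks:", unlock("correct horse battery staple", record) == key)
    print("wrong password unlocks:", unlock("Tr0ub4dor&3", record) is not None)
```

Because the stored record contains neither the master password nor the derived key, a copy of the service's database still leaves an attacker guessing passwords at the cost of the full iteration count per guess.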
Want to check whether any of your credentials have been breached? Visit Have I Been Pwned?
If you need help improving your cybersecurity or would like to learn more about password management, please contact us.