Poor password management is still one of the biggest cybersecurity threats for businesses of all sizes. Luckily, it’s also one area that’s relatively easy to remedy, as long as you put time and resources toward doing so.
Around 81% of company data breaches are thought to be caused by poor passwords.
That could be an even bigger problem now than when the study behind that figure was released, because more employees are working from home.
Employees may reuse passwords across multiple platforms, and they might use the same passwords personally and for work.
The following are some of the things to know this year to protect your business through your password management strategy.
Do an Audit
Before you can really understand what your company is doing well and what you’re doing poorly in any area of cybersecurity, you need to do an audit. This will give you a clear picture of the steps you need to take.
You also need a baseline to measure your improvements against and to create an official strategy that you can alter as needed.
Educate Your Employees
Even though cybersecurity remains one of the most pressing issues for businesses, the primary area of weakness is employees. Companies are not putting enough resources into training and educating their employees. Employee errors and a lack of knowledge are driving many of the biggest breaches.
You, as the employer, have a responsibility to train employees fully on all areas of cybersecurity best practices, including password management.
You also can’t look at cybersecurity training as a one-and-done proposition. It’s something that you need to regularly revisit as changes occur.
When training and educating employees on password management in particular, focus on how to create unique and complex passwords.
Along with training, you need to have a set of standards that every password must meet. For example, require numbers and symbols and choose passwords that are at least 16 characters long. Don’t store them in email accounts or Excel sheets, and change them at least every 90 days.
Use a Business Password Manager
If you’re going to invest financially in any area related to passwords, invest in a password manager.
You don’t need a proprietary password manager.
Instead, choose a platform that meets the industry standards and is user-friendly for everyone on your team.
You want a password manager that’s well-integrated into employees’ workflows, so they’ll be using it as much as they should.
A password manager also needs to be accessible across all devices your employees use.
A password manager should automatically generate strong passwords that meet the standards highlighted above.
If you use a password manager and a cybercriminal does get one password related to your business, they won’t be able to access everything else, because every account has its own password.
All that the employee needs to remember is one master key.
Any cybersecurity platform, including one with password management features, also needs to have role-based access functionality.
Your employees need to have access to only what they absolutely need to do their job on a day-to-day basis.
As part of the audit mentioned earlier, you should go through and find out exactly who has access to what.
You very likely have too many administrators and administrative accounts being used.
Applying least privilege means going through your accounts, removing administrators that are unnecessary, and limiting administrative rights.
How Does a Password Manager Work?
If you’re completely new to the concept of a password manager, it’s worth going over the basics of how they work since they are so important.
Basically, you store all of your business’s online log-in information in one place, in encrypted form. The encrypted information is then accessed with one master password.
Each online account then has its own unique, strong password. The password manager generates these.
Your employees don’t have to remember all of the many passwords they need, so you’re taking two major risk factors out of the equation: using the same passwords for multiple accounts, and weak passwords.
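The password standards given earlier (at least 16 characters, numbers and symbols, changed at least every 90 days) and the two risk factors named here can be checked mechanically. The following is an added example, not part of the original article: the function names, the symbol set and the sample inventory are assumptions, and it expects credentials already exported from a vault into memory.

```python
import secrets
import string
from collections import defaultdict
from datetime import date

MIN_LENGTH = 16                  # article's standard: at least 16 characters
MAX_AGE_DAYS = 90                # article's standard: change at least every 90 days
SYMBOLS = "!@#$%^&*()-_=+[]{}"   # assumed symbol set; adjust to what your sites accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def generate_password(length=MIN_LENGTH):
    """Draw from the OS CSPRNG until the result contains a digit and a symbol."""
    if length < MIN_LENGTH:
        raise ValueError("length below the policy minimum")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if any(c in string.digits for c in pw) and any(c in SYMBOLS for c in pw):
            return pw

def audit(entries, today):
    """Return {account: [findings]} for entries that break the standards."""
    by_password = defaultdict(list)
    for e in entries:
        by_password[e["password"]].append(e["account"])
    findings = defaultdict(list)
    for e in entries:
        pw, acct = e["password"], e["account"]
        if len(pw) < MIN_LENGTH:
            findings[acct].append("too short")
        if not any(c.isdigit() for c in pw):
            findings[acct].append("no number")
        if not any(not c.isalnum() for c in pw):
            findings[acct].append("no symbol")
        if (today - e["changed"]).days > MAX_AGE_DAYS:
            findings[acct].append("older than 90 days")
        if len(by_password[pw]) > 1:      # same password on more than one account
            findings[acct].append("reused")
    return dict(findings)

# Constructed sample inventory (not real credentials).
SAMPLE = [
    {"account": "crm", "password": "Summer2023", "changed": date(2024, 1, 5)},
    {"account": "payroll", "password": "Summer2023", "changed": date(2024, 5, 20)},
    {"account": "email", "password": generate_password(), "changed": date(2024, 6, 1)},
]

if __name__ == "__main__":
    for account, problems in audit(SAMPLE, date(2024, 6, 15)).items():
        print(account, problems)
```

Accounts with no findings are left out of the result, so the generated password for the constructed `email` entry does not appear in the output.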
You can also choose a password manager that’s integrated with browsers and syncs across multiple devices.
To recap, to strengthen your business’s password management this year, you first need to do an audit to discover where your areas of weakness are and who has access to what. Then, you need to train and educate your employees and put cybersecurity technology in place, including a password manager.