Why Password Managers are the Starting Blocks of Cyber-Security
As a business owner or office manager, you already know that cyber-security is a race — against hackers, against malware, against the dark web. You need to come out of the gate strong to have the best chance at winning. Implement a password manager at your starting blocks.
The recent compromise of Yahoo has brought the importance of password management systems back into focus. These management tools store all your login information and passwords used online and within your company. The password manager will then encrypt all of these with one master password.
Are passwords still that important?
More than ever. Most people don’t use strong passwords to begin with, and then they re-use them across internal networks and online. When you have multiple employees accessing multiple websites each day from multiple locations, the risk of human error is very real. All it takes is one breach of a repetitive password to put everything else at risk. The longer, weirder and more complicated the password, the better.
Think about how your staff keeps track of their passwords now? Is it an Excel file? Word document? Sticky notes tacked to your desk? Are your passwords just minor variations of the same two or three phrases?
Your business is worth more than this. 2016 has seen a massive increase in ransomware attacks via email. We know that internal connections, like networked printers, can be compromised by hackers. But last month, tripwire.com noted that, according to IBM and Verizon, the “human factor” can be attributed to 95% of all security incidents. It’s time to minimize that.
How do I know which password manager to use?
This is when you lean on your IT department or IT service provider. The first step should be an audit of your system, potential weak links, and specific needs. Based on that evaluation, your provider will recommend the right system for you. You’ll talk about the cloud. You’ll talk about local storage. But, remember these 3 A’s: access, auditing and automation.
Your password manager should have a way to control who can access passwords and what they can do with them. You’ll want auditing capabilities to see who has accessed passwords and to ensure that stored passwords meet compliance rules. Automation features are important to keep passwords changing when necessary and to inform users when passwords need manual updating.
Once my password management system is in place, am I all set?
Unfortunately, cyber-security isn’t a one-solution fix. Again, the system evaluation done by your IT provider will be your guide. A layered approach to security is critical. Conventional methods are no longer enough. Baseline Magazine quotes Jeremy Samide, CEO of security advisory and cyber-intelligence firm Stealthcare: “In the past, if you had basic protections in place—things like a firewall, antivirus and intrusion detection—you were mostly safe and secure. The risks now extend far beyond the perimeter.” Passwords are not the whole plan, but managing them provides a strong start in securing beyond your perimeter.