Guest Blog: The Tek Raleigh - Password Management: The Struggle is Real
Now a days, companies are using more and more online collaboration tools to be more productive and efficient. From Google Drives to marketing automation tools to CRM systems, employees are required to manage their day-to-day responsibilities across multiple online platforms which means managing multiple usernames and passwords.
Password management continues to be a pain point for not just the employees, but also for the business owners and I.T. departments. Having strong passwords is one of the key components to protecting your company’s valuable data and detering a cyber breach. Your employees are the first line of defense when it comes to cyber security, but according to the 2017 survey by Pew Research, 84% of Americans surveyed use traditional methods of tracking their passwords, either memorization or dreaded pen and paper or even worse, that sticky note under the keyboard.
So, what do you do? There are several options to consider and steps you can take to help password management for your employees and to keep your company secure.
The first step should always start with education - when you know better, you do better. When employees understand the importance of cyber security for the company and the impact of their actions, they will begin to take the proper steps needed to secure their data.
But, employee education shouldn’t just be a 10 minute footnote during a company meeting or a hour long mandated training. It’s not a one-and-done item on your to-do list. It involves careful consideration and planning to ensure the content is “sticky”. AND...you must take into account the various ways that adults learn.
There are several tools available to small businesses that can help them to not only educate their employees about cyber security, but to put into place company policies and procedures (which is a whole nother topic for a different time).
Many of our clients work closely with us to develop a customized and comprehensive training system for their employees that is based on the behaviors of each individual employee. Our system helps to gather the upfront needed data to develop the training and then roll out the program on a rolling basis.
This allows you to manage security by permitting employee access to select company data. You can manage who should be removed and/or added when onboarding and offboarding from each individual system. This helps to prevent the misuse of company financials and data and is increasingly being adopted across both large and SMB organizations.
Here are a few steps you can take now to get started with user provisioning.
Single Sign-On Solution
Consider using a SSO (Single Sign-On) platform. It makes resetting passwords and memorizing multiple passwords a thing of the past. With the cloud serving as a central hub for all your key information systems, you can give your team immediate access to every tool they need with just one login. One of the best features allows you to disable access or change a password, and it changes for ALL the apps.
While this may sound like the same thing as a password manager, SSO is different in that if offers tighter security by granting control over your applications and allows your I.T. department monitoring capabilities to ensure compliance with company policy so you don’t have to worry about your business being vulnerable to attacks.
The Tek can help you setup your own SSO platform. Just use our contact us form and we will provide you with more information. https://www.thetek.com/contact-us.
According to the 2017 Verizon Data Breach Investigations Report (DBIR), “81% of data breaches involved weak or stolen credentials” MFA is an authentication method in which a user is granted access only after successfully presenting two or more factors to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is). https://bit.ly/21a2No5
MFA is important because it adds an additional layer of security. Think about it, if someone gets your password they gain access to everything, but with MFA, hackers still can't get in. Most of the breaches that have recently occurred probably wouldn’t have happened if the company had implemented MFA.
Password Management Tool
While SSO Platforms provide that added layer of security beyond a password management tool, there is still need for a general password manager. A password manager like Roboforms works well for windows applications.
“According to the Gartner Group, between 20 to 50 percent of all help desk calls are for password resets. Forester Research states that the average help desk labor cost for a single password reset is 70 dollars.” This is not only a hassle for your employees but directly impacts your bottomline. Using a company password manager will not only significantly save your business from inefficient time management when it comes to password resets, but will also help to secure your company data by implementing stronger passwords.
Overall, password management doesn’t need to be a pain point for businesses and their employees. There are great tools and resources available today that can help ensure your business is protected, but it’s not a one-size fits all. We’re here to help. Contact us today for a free assessment. We can help you customize a password management program that is right for your business and employees.