Behind a single weak password could be all your company’s most sensitive and valuable data. Offices have gone from paper locked in filing cabinets to digital files, and the new form of break-in is a data breach.
Login credentials are a much sought-after commodity by cyber criminals and often entire databases of hacked passwords will go up for sale on the Dark Web. These can unlock all types of personal information, such as credit card details, Social Security Numbers, and more.
80% of hacking-related data breaches are the fault of compromised passwords.
Many businesses protect their data with firewalls, managed I.T. security, and anti-malware programs, yet fall short when it comes to password management. They often leave it up to their employees to create their own passwords without a firm policy in place.
What’s at risk?
For some businesses, it could be their livelihood. The costs of a data breach are significant and small businesses often can’t overcome a major breach. The average cost of a breach is $3.9 millionand those costs are typically spread out past the first year, meaning a business could be paying the costs for years.
Data breaches often leave your clients with a loss of trust and it’s hard to gain that back.
With so many data breaches happening due to compromised passwords, if you adopt some best practices when it comes to password management, you can safeguard your data and significantly reduce your risk of becoming a victim.
Two of Your Best Tools for Secure Password Management
While most people understand that they need to create long and strong passwords that are unique to logins they use, the fact is that they also need to remember those passwords to go about their daily work.
It’s a dilemma that is at the heart of password management. How do you balance productivity with security?
Some of the common bad habits that we see employees adopting are:
- Making passwords that are easy to guess
- Using personally identifiable details in their password
- Sharing passwords with colleagues
- Writing passwords down and keeping them near their PC
- Reusing a few passwords for multiple logins (both personal and business)
- Saving passwords in browsers
There are two tools that a business can use to combat lax password security and strengthen those password “keys” that hackers are trying to get to unlock your corporate data.
Multi-Factor Authentication (MFA)
Multi-factor Authentication, also known as Two-Factor Authentication (2FA) is a safeguard against weak or stolen passwords because they add another layer of identification to the security of a login. And that layer is a pretty strong one.
According to data from Google, MFA stopped 100% of automated bot hacks. MFA works so well because the hacker typically will only have one of the requirements needed to get through a login.
With Multi-factor Authentication, you’re required to add another proof point that you are the user who matches the username and password. Authentication factors are typically:
- Something you should know: Username/password
- Something you should have: A smart phone that receives a code or other security token
- Something you are: Fingerprint or retina scan
Most software that uses MFA will employ the first two factors. Once you enter your username and password, a code will be sent either by text message, email, or computer notification that must be entered to complete your login. The code will generally be time limited for security, for example, needing to be entered within 5 minutes.
Even if a hacker has a username and password without that second factor, they’re kept out and can’t gain access.
Password Management Application
Password Managers, like Dashlane, LastPass, and 1Password, help users get a handle on juggling multiple strong passwords that are unique to each login. A password manager keeps all your login credentials in a single place, and you can access them all through one master password. This makes it much more realistic to remember a long and strong password, because there’s only one to remember.
Password management applications also can create strong passwords that have long strings of characters. They can be accessed via a mobile or desktop application or via a browser extension.
They’re also designed to be quick and easy so as not to slow you down when you’re trying to get work done. When you need to log into an app or webpage, you simply enter your master password to gain access, choose the login you need, and it will either autofill in a webform or you can copy/paste it from the manager.
Other company benefits of using a password manager:
- An admin can be granted access to employee passwords (so no scrambling to find a password if someone leaves abruptly)
- They can also be used to secure corporate credit card information and autofill details into payment forms
- They can give you insightful reporting as to how your company applications are being accessed
- MFA can be used with a password manager to further secure the master password.
How Strong is Your Network Security?
Unfortunately, the hackers never sleep, so businesses need to be constantly vigilant when it comes to their network and data security. But you don’t have to go it alone! Texas I.T. Pros can assess your current security practices, including password management, and give you honest suggestions about how to improve them.
Contact us today to schedule your security assessment. Call 940-239-6500 or reach us online.