December 18th, 2018
Passwords are usually the first level of security between you and your company’s data. As the rules and regulations for a “strong password” become stricter and more complex, it’s no surprise that passwords have become the bane of our existence. The reality, though, is that passwords are a necessary evil. It’s important to do what you can to keep your data, your employees’ data, and your clients’ data safe and secure, so here are some tips on how to do so!
DO simplify password security: Keep password access on a need-to-know basis. With a dedicated password manager for small businesses, you can do this by configuring role-based access control. This allows you to manage password permissions for multiple users.
DO have a backup plan: Ensure that there is a way to automatically change passwords. That way, whenever someone falls for a phishing scam, you can update your passwords right away. This is also helpful whenever someone with access to sensitive data leaves the company.
DO implement a password policy: Enforce long and complex passwords. This means no social security numbers, birthdays, pet names, or the name of your first crush. It also means not substituting l3tt3r5 w1th numb3r5.
DO use SSO, MFA, or 2FA: Additional authentication controls like these are another form of security that promotes better password management. If a password does get breached, at least you know there is an extra layer of protection to keep the unwanted perps from getting in.
DON’T store passwords on a spreadsheet or document: Putting all your passwords on a spreadsheet to share with your employees may seem like a good idea, but it’s not. First, spreadsheets and documents have just about as much security as your desk drawer (i.e. none at all). Second, they require a person to manually update any passwords that get changed. But what happens if someone forgets to make the update or if they accidentally make a typo? Trust us, this happens more often than you think, and it always ends up wasting resources.
DON’T use the same passwords for more than one log-in: Once one password gets hacked, every other account that uses it is open to being breached. Don’t make it easy: use completely different passwords for all your logins.
DON’T save passwords onto shared computers: Pre-saved passwords create easy access for anyone to log in to your accounts, especially on shared computers. Never leave a shared computer without logging out, and always make sure you are actually logged out.
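As an added example (not code from this article or from any product named in it), the Python sketch below checks a candidate password against the policy tips above: it undoes letter-for-number swaps before looking for personal details, and it flags logins that share a password. The minimum length of 14, the substitution table, the function names, and all sample values are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Digit/symbol-for-letter swaps to undo. The table is an assumption, not from the article.
LEET = str.maketrans("013457@$!", "oieastasi")
MIN_LENGTH = 14  # assumed value; the article only says "long"

def normalize(text):
    """Lower-case, undo leet swaps, drop separators so 'R-3-x' and 'rex' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def policy_violations(password, personal_terms, min_length=MIN_LENGTH):
    """Return the reasons a password fails the policy; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("too simple")
    flat = normalize(password)
    for term in personal_terms:
        needle = normalize(term)  # terms get the same treatment as the password
        if len(needle) >= 3 and needle in flat:  # skip tiny terms that match by accident
            problems.append(f"contains personal detail: {term}")
    return problems

def reused_passwords(vault):
    """Group logins whose passwords are equal after normalization (vault: login -> password)."""
    groups = defaultdict(list)
    for login, password in vault.items():
        groups[normalize(password)].append(login)
    return [sorted(logins) for logins in groups.values() if len(logins) > 1]

if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    terms = ["Rex", "1990-04-12"]  # pet name and birthday
    for pw in ("R3x!sTheB3stDog", "Summer19900412!", "correct-Horse-battery-9"):
        print(pw, "->", policy_violations(pw, terms) or "ok")
    print(reused_passwords({"mail": "Tr0ub4dor&3xtra", "crm": "troubador&extra",
                            "vpn": "unrelated-Phrase-77"}))
```

A check like this only catches the personal details it is given in the format they are given; a birthday written another way would need its own entry in the term list.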
There are a lot of different password management tools out there. But as a small to mid-sized business, there are a few things you might have to consider, including how many employees you have, what your budget is, and the type of security you need. If you’re looking at a password manager for small businesses, here are a few of the top choices that just might fit your needs.
Dashlane has a premium plan that allows you to store unlimited passwords, synced across multiple devices. You also get personalized security alerts and a built-in VPN for when you’re working over unsecured WiFi networks.
LastPass Business makes it easy to both manage and share passwords for websites and applications, no matter where your team is located. With LastPass, you get centralized control over all your passwords and automated user management, and employees get their own “vault” to store their passwords.
RoboForm offers centralized password management, role-based permissions, and unlimited password sharing. Their security center helps users to create strong passwords, and it also helps identify duplicate passwords to reduce the chance of a security breach.
Keeper is a password manager with a strong focus on password security. Their business plan includes a centralized admin console, password vaults for every user, unlimited devices, and basic two-factor authentication.
Both their free and premium plans offer unlimited password and data storage, two-factor and biometric authentication, a secure digital wallet, and a strong password generator. With the premium plan, you can sync and back up your passwords and data across all devices and in the cloud.
Password management and processes may not be the first thing that comes to mind when you think about traditional IT support, but Electric is not traditional IT support. Yeah, we provide all of the support that other IT solutions offer (however, we do it via chat and in real time), but what really separates us from traditional IT is our mission to make sure things like forgetting your password don't get in the way of your job.