With cybercrime a constant threat, there are a number of cyber security measures that every small business should take. One of these should be the strict control of passwords and access to them.
Every individual who has an email account will have at some point in the past, and in the future, receive a phishing email. This may have directed you to enter your login details or tried to redirect you to a fake website. They may have attached a download that is designed to log all the keystrokes that you make.
The aim of this phishing email would have been to steal your passwords. The mail could have been set up to look like it was from eBay, Amazon, or your bank. These emails are sent out in their millions, and it only takes a small percentage of individuals to fall for them to make them profitable.
Businesses are also vulnerable to these and other attacks. One way to tighten up security is to use a password manager.
Why would anyone need a password manager?
Before you even consider the level of online security that a business may need, just think about an individual at home. Someone like yourself.
How many passwords and online accounts do you have? Probably more than you realize, and almost certainly several defunct and idle accounts too.
There are certain advantages that a password manager can bring to the average computer user. They hold all the login credentials in one place. Therefore it makes it easier to have individual passwords for different accounts without the worry of remembering them.
Managers can also generate new passwords for you that are strong and unique. Not only can they generate passwords, but they can also do it every time you access one of your accounts. With this tool, if you have unused email accounts that have been compromised, it won’t affect your Netflix, banking, or Gmail, because your passwords will not be identical.
Businesses require some extra features though, and a higher level of security than someone at home just browsing the net. Thus, enterprise password management software should be installed for small and medium businesses to secure their login credentals.
What is enterprise password management software?
The idea behind enterprise password vaults is to have all necessary certificates and credentials stored in one securely managed location.
An administrator would have access through a strong master passcode, and they can rotate, delete, and secure passwords and other credentials for all the business’s systems and accounts.
Instead of trusting employees to change their passwords regularly for original and secure codes, the password manager will have control. A password manager can store other data too which pertains to privileged accounts and access.
Administrators may be able to view live sessions, and if they witness suspicious behavior, they may be able to terminate access. Different enterprise password software have different features.
It is quite vital to check what features come with enterprise password management software before making your purchase and installation.
What are the risks of neglecting password management?
The chances are that you, yourself, have weak and repeated passwords. Perhaps your company already has a password manager in use. But, what about your home accounts?
Forbes reported that Google conducted a study into password security in 2019. This showed that more than half of respondents used the same password on multiple accounts, and 13% used the same password on every online account they had.
Unfortunately, this is part of human nature in some ways. The average person is said to have perhaps more than 70 passwords, and most of them will be very similar.
One of the most common occurrences with password resets is simply to use one that is remembered from the past, and perhaps stick an extra symbol or number on the end. There are plenty of password cracking tools on the market, and these can break simple passwords and allow access to unauthorized individuals.
The risk with not using secure passwords, and strong ones at that, is that your accounts can be easily compromised and breached. Once this happens, sensitive data and financial information can be copied and deleted. Cash can start to disappear from bank accounts, and credit cards may start to show unknown purchases and charges.
How effective are password cracking systems?
If an enterprise password management system is designed to safely store credentials for business accounts, then it probably isn’t surprising to know there is an opposite number.
Password cracking systems are not necessarily bad things. In the right hands, an IT or cybersecurity professional can use this software for password recovery. Some of these programs also monitor who is accessing systems, and they can test for weaknesses and just how vulnerable current passwords are.
However, they can also be used by hackers to break into other people’s accounts. Password theft is very, very common.
How often are passwords stolen?
It is said that up to 1 million passwords are stolen every week. In the biggest data breaches, often millions or billions of passwords and other information is stolen in one sweep.
Huge companies have suffered large data breaches which resulted in worry for their user base, and often hefty fines for the companies involved. Reputations can also be damaged when passwords are stolen as customers lose faith in the business involved.
One example of password theft was told in the USA Today some years ago. Although it is an older story, it is still significant today. In 2014, the Home Depot announced it had suffered a potentially catastrophic data breach.
Stolen login credentials allowed hackers to access 56 million debit and credit card details from the Home Depot’s payment systems. The company promised to help customers monitor their credit, but believed that they wouldn’t be affected.
However, the breach cost the company over $60 million in damages, as well as lost customer faith. All this through the theft of a password.
Will an enterprise password management solution stop credentials from being stolen?
No system is perfect, and even the securest of data rooms have vulnerabilities. Nevertheless, the choice between allowing employees to choose their own passwords and manage them compared to using a password vault shouldn’t be difficult.
While enterprise password managers aren’t completely uncrackable, they add very strong layers of security to accounts and systems. They can stop hackers from gaining access to root systems, and protect SSH keys and other credentials.
They use strong encryption, with many of them using the same security standards that the US government prefers. The Advanced Encryption Standard, or AES, is used in many enterprise password managers, and this provides high-grade security.
There are many reasons why employees should be aware of cyber security, and data breaches are just one of them. Yet, these are still the main threat with cybercrimes and hackers.
Employees are unlikely to worry about their passwords as much as system administrators and employers are. Using an enterprise password manager is one way to ensure that credentials aren’t easy to gain and dump and that passwords are strong and unique.
Privileged accounts in businesses should only be accessed by those authorized. An enterprise password management solution can help to ensure that this is what happens, and anyone else is securely locked out.