Something to think about when it comes to security, 81% of security breaches come from weak or stolen passwords. 3 out of every 4 companies do not have a password manager or use an admin person as their password keeper. Excel sheet on a desktop is a big no no. 55% of breach victims are small businesses. Password managers are a simple in expensive addition to take the guess work out of managing your log ins for a busy business. Everyone with a device faces the same risks yet only 8% of people use tool to help protect their accounts. Why, because most password managers require support from an experienced IT technician or team. They add a lot of value for security and there are ways to add them to your business.
Personal Data Protection
Password managers can be used for controls and auditing and secure sharing, great for onboarding new employees when setting them up on portals, business apps and email. they work great for compliance, instead of storing your passwords in your browser, you can safely input your log in credentials with out a fear of someone being able to easily steal them. Encryption has become really important for personal data and this is an easy way to keep any information private.
CIS Critical Security Controls- Account Management
Password management allows you to hit NIST Framework 5.2 Use Unique Passwords for all Enterprise Assets. Best Practice for implementing includes a minimum of 8 character passwords for accounts using MFA and a 14 character password for those that are not MFA protected. We also ways recommend MFA or 2FA because it notifies you have an attempted log-in and its also best practice as another layer to block someone without proper access to your account.
5.4 Restrict Administrator privileges to dedicated admin accounts or enterprise assets. Conduct general computing activities such as internet browsing email and productivity suite use from the users primary , non-privileged account. Best practice is to give everyone in your business Least Privilege, even the boss.
5.5 Establish and Maintain and Inventory of Service Accounts. The inventory at a minimum must contain department owner, review date and purpose. Perform service account reviews to validate that all active accounts are authorized on a reoccurring schedule at a minimum quarterly or more frequently. To be compliant in any industry we know it is all about documentation. Proof that audits are being run and systems are being checked regularly.
Where is the value?
Password managers can be simple, affordable and user friendly if implemented correctly. Password apps have built in features to safely and securely manage passwords. They are a web-based application, with self-service account recovery perfect for least privilege, they include enhanced dark-web scanning and secure your organizations sharing methods with encryption.
To learn more about adding this for your organization, call us at 416-900-6047 and we can walk you through adding this for your team.
-1.svg "Attitude IT: Keeping Your Technology on Course")