There is an increasing number of stories focused on the danger small businesses face when they are not secure online. The influx of malware and ransomware, and the fact that 70% of all cyber attacks are against small businesses, rightfully have a lot of small business owners concerned. But the reasons for these risks are surprisingly simple in most cases. The vast majority of hacks are because of human error or small security holes that can be easily patched, primary among them password management. To address this issue and ensure your business is prepared against common hacks and social engineering that target user passwords, here are some of the most common problems faced and how to address them:
Employees Using Their Own Devices
More than 70% of employees access company data from a personal smartphone or tablet at some point. These devices are not always secured the same way as your company computers, and there's no way to manage their use of passwords or to ensure they avoid open public networks. A strong BYOD policy can ensure employees are more rigorous in protecting company data, and that they use the password manager or system that you put in place to protect against data loss. With employees increasingly working from home or remotely, small businesses should consider what sensitive information employees need to do their jobs, and whether that information could end up on a personal device. In cases where this is necessary, providing Virtual Private Networks (VPNs) and a password manager that supports secure sharing is essential. Also, consider doing regular training to ensure employees understand the potential risks and threats of connecting on unsecured networks (see below).
Shared or Default Passwords
Default passwords set up during development or when a new account is created are often not changed, and worse, they can be shared easily between users. In small organizations and startups especially, this is a common problem, as software seats may be limited or resources may be shared from a single account. All users should use unique passwords that meet strict guidelines and are updated regularly. Default passwords should have to be changed immediately upon account creation, and you should use a password manager for all account sharing and cloud storage for file access sharing. It is far better to use a password generator to set a long, unique password. These generators are built into most password managers, and those passwords can be safely shared with multiple teammates.
Passwords Aren't Secure to Start
One of the most common problems with passwords is that if they are easy to remember, they are also easy to guess! Many people erroneously think that a short password with lots of different character types is secure, when in reality the only way to ensure a truly secure password is to make it at least 12 characters long and somewhat arbitrary. Length is better than complexity in almost every situation with passwords, and keeping them long and complex is the way to go. Random password generators can ensure you have this for all passwords, but without a password manager to organize them, they become impossible to remember, and many employees quickly revert to something simple. In cases where a password must be memorized (like the master password for your password generator), consider using a passphrase (like TeamPassword-is-a-Blue-Padlock) or a mix of different things (like color+animal+place to get Blue-Flamingo-from-Timbuktu). These are surprisingly easy to remember, and if they are over 12 characters and use unusual or non-dictionary words they are very hard to crack.
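The length-versus-complexity point and the passphrase approach above can be checked with a few lines of Python. This is an added example, not part of the original article or any TeamPassword code; the function names and the 16-word sample list are constructed for illustration, and a real word list needs thousands of entries.

```python
import math
import secrets
import string

# Constructed sample list (assumption). Real use needs thousands of words,
# e.g. a 7,776-word diceware list, or the phrase is guessable.
SAMPLE_WORDS = ["blue", "flamingo", "timbuktu", "padlock", "copper", "lantern",
                "orbit", "walnut", "harbor", "velvet", "cactus", "glacier",
                "pepper", "saddle", "meadow", "anchor"]
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def random_password_bits(length, alphabet_size):
    """Entropy of a password whose characters are each chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits, list_size):
    """Number of randomly chosen words needed to reach target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_password(length=16, alphabet=FULL_ALPHABET):
    """Random password from the OS CSPRNG; rejects anything under 12 characters."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words, word_count, sep="-", min_length=12):
    """Passphrase of word_count words, each drawn independently with secrets."""
    longest = word_count * max(map(len, words)) + (word_count - 1) * len(sep)
    if longest < min_length:
        raise ValueError("word_count too small to reach min_length")
    while True:
        phrase = sep.join(secrets.choice(words).capitalize() for _ in range(word_count))
        if len(phrase) >= min_length:
            return phrase


if __name__ == "__main__":
    print("8 chars, 94 symbols  : %.1f bits" % random_password_bits(8, 94))
    print("12 lowercase letters : %.1f bits" % random_password_bits(12, 26))
    print("words for 64 bits (7,776-word list):", words_needed(64, 7776))
    print(generate_password(), generate_passphrase(SAMPLE_WORDS, 4))
```

The entropy figures only hold when every character or word is picked at random by the generator; a phrase a person chooses is easier to guess than its length suggests.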
Untrained Employees Posing a Risk
The single most common access point for hackers is your staff. Social engineering through unsolicited attachments, spoofed phone calls, or even looking over the shoulder of someone in a coffee shop leads to more hacks and data loss than malicious data breaches. Train your employees to spot phishing emails, and protect your business with common-sense procedures and best practices that you can follow up on. With the right combination of password management, training, and procedures, you can greatly reduce the risk of a hack and data loss for your business. The reason so many hackers target small businesses is that they are easy targets without the protocols of enterprise-level organizations. Remove the low-hanging fruit, and you can keep your company much safer from cyber risk.
Using a secure password manager that supports sharing helps address these problems. TeamPassword's intuitive interface makes it the simplest and most secure way to store and share passwords with your team. Find out today by starting our free 14-day trial.