01 Mar Small Business Password Security
With the Cloudflare security leak fresh in our memories, now is a great time to remind everyone – especially small business owners – about the importance of small business password security.
Passwords are a pain – for everyone
Passwords are the bane of any internet user’s existence. They also cause headaches for IT guys like us. The Gartner Group estimates that somewhere between 20-50% of all help desk calls are about passwords. But however annoying they are, passwords are absolutely necessary to keep you, your money and your privacy protected.
Some experts predict passwords will soon be obsolete, but let’s not hold our breath. Right now, passwords are very necessary, so let’s make sure your business and personal information stays safe.
I’m sure you know the password basics…
- Don’t use “password” as a password.
- Don’t use the same password for every account.
- Don’t share your password.
How are you doing so far?
My guess is… not so good. If you are being honest with yourself, I bet you have violated rules #2 and #3. Repeatedly. Am I right?
Of course I’m right! …and not because I’m a know-it-all.
I KNOW because small business owners just like you give our company their passwords every day. AND – we can see that they use the same password (with slight variations) over and over again.
Why can’t you just create one super amazing password and then use it again and again?
Because passwords are like keys.
If you had the same key made for your house, office and car, then one lost key could compromise the security of everything you own.
Passwords work the same way. Say your Twitter account is hacked, and you only use one password: the same thief now has access to your work email, pictures stored on your phone, and Amazon credit card info. Just read the story of this legendary “epic hacking” fiasco to see how bad it can get.
If you use different passwords for every account, it doesn’t matter if they’re simple, right? WRONG!
There are a lot of smart yet unscrupulous people out there. Hackers have automated systems that can run thousands of password attempts a minute, so if you go with 1234 or password, or even any common word or phrase, you’re at big risk of being hacked.
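The two habits described above, reusing one password with slight variations and picking common words, can be checked for mechanically. This added example (not part of the original post) runs that check locally over a constructed list of accounts; the word list, the substitution table and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of well-known weak choices (assumption, not a real breach list).
COMMON = {"password", "1234", "123456", "qwerty", "letmein", "welcome"}

# Undo common character swaps so "P@ssw0rd" and "password" compare equal.
SWAPS = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                       "$": "s", "5": "s", "!": "i"})

def base_form(password):
    """Reduce a password to its core word: lowercase it, strip the
    trailing digits and symbols people append, then undo swaps."""
    lowered = password.lower()
    core = re.sub(r"[\d\W_]+$", "", lowered).translate(SWAPS)
    return core or lowered  # all-digit passwords keep their original form

def audit(accounts):
    """accounts maps account name -> password. Returns the accounts that
    use a common password and the groups that share one base form."""
    groups = defaultdict(list)
    for account, password in accounts.items():
        groups[base_form(password)].append(account)
    common = sorted(name for name, pw in accounts.items()
                    if pw.lower() in COMMON or base_form(pw) in COMMON)
    reused = {base: sorted(names)
              for base, names in groups.items() if len(names) > 1}
    return {"common": common, "reused": reused}

# Constructed sample data; run a check like this only on your own machine.
SAMPLE = {
    "twitter": "Summer2016",
    "work-email": "summer2016!",
    "amazon": "Summ3r2017",
    "bank": "P@ssw0rd1",
    "router": "1234",
    "payroll": "vK7#qLr2-Tz9wXb4",
}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("Common passwords on:", ", ".join(report["common"]))
    for names in report["reused"].values():
        print("Same password with variations on:", ", ".join(names))
```

In the sample, three accounts collapse to the same base word even though no two of their passwords are identical, which is exactly the pattern one stolen password exposes.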
How should you manage your passwords?
First of all, the Internet has lots of good advice on how to best manage your passwords. Here’s some great advice passed on from MIT’s Password Security Recommendations.
“Keeping your password safe
MIT’s network is under constant and heavy attack from automated password crackers running against MIT’s authentication systems. Take the following precautions to protect your password.
- Sign up for the (free) LastPass Enterprise password management system.
- Change your password at regular intervals.
- Use a strong password.
- Never tell anyone your password or hint at it, not even to friends, colleagues, system administrators, and account managers.
- Pick a password you can remember and don’t need to write down.
- Lock your screen or log out when stepping away from a computer, especially in a public area.
- Use a temporary password when using a public computer or a public network to access confidential information.
- Ignore requests by websites or browsers to “remember” your password.”
A good password management solution can help.
Password managers provide an excellent and easy solution. One master password gets you into your “vault”, which stores various secure passwords for all your accounts. This is done with encryption, so you are the only person who can see all your passwords — even the password manager company can’t view this information because of how it’s stored.
With only one password to remember, it’s a no-brainer to think of a good one and to change it regularly. According to PC Magazine, LastPass, Dashlane, and RoboForm are some of the best options out there. And to make it even harder to say no, all of these companies have free entry-level tools.
Use the small business password management option for greater control.
Employee accounts and access across devices (great for remote work!) are secure and encrypted at every level when a business chooses to use a password manager. Employers don’t have to worry about their employees creating insecure passwords, and they can also easily authorize and revoke employee access to secure information.
It’s a win-win. You get peace of mind about network security and no more lost time trying to remember passwords.
Now did you go reset all your passwords like I recommended? If not, it may be the perfect time to check out one of those password management tools. Some of them allow you to reset multiple passwords with one click.