3 Billion Reasons Your Small Business Needs a Password Manager
We could offer you one compelling reason why you need a company password manager, but why not give you 3 billion reasons?
3 billion is the number of consumers who were affected in the largest-ever data breach: the 2013 Yahoo cyberattack. Attributed to actors affiliated with the Russian government, the cyberattack compromised sensitive data from Yahoo’s entire user base and didn’t become known until nearly three years later. The attack started with a spear-phishing email sent to employees, and to put it in motion, all it took was for one employee to click on the malicious email.
It’s a common tactic for cyberattackers to send a phishing email with a malicious link that enables them to harvest logins. In Yahoo’s case, once the first click gave hackers a foothold, they were able to access the company’s user database and internal tools and install a backdoor into the network. The attackers then returned 14 months later to steal the data.
Cyberattacks impact businesses of all sizes
While not many data breaches have the magnitude Yahoo’s did, cyberattacks on businesses of all sizes occur daily—and small organizations are just as big a target. In a 2021 survey by the Identity Theft Resource Center, 58% of small business leaders said their companies had experienced a data breach and nearly a quarter of those experienced more than one.
Small businesses are an attractive opportunity for hackers because they typically have much weaker defenses than big companies. Cybercriminals also often see smaller companies as a gateway into a larger enterprise that uses those companies as a vendor or partner. According to the World Economic Forum, 88% of surveyed enterprise leaders are concerned about the resilience of small and medium-sized businesses within their supply chain, and 40% report experiencing a cyberattack within their supply chain ecosystem, which impacted their business negatively.
Since compromised logins are the launching point for a large number of attacks, adopting best practices for password management is a great place to start boosting your cyber defenses—and a business password manager makes this simple for your employees and admins.
Benevolent employees can still put your small business in harm’s way
Most employees don’t intentionally put their organization at risk. But it’s too easy to fall for clever phishing scams, use weak passwords, or simply expose passwords without meaning to. And an employee who doesn’t understand the importance of strong password habits is a major risk to your business.
One reason employees have poor password habits is that they have too many passwords to remember. Dashlane's research found that 35% of employees feel overwhelmed keeping track of all their accounts and logins. Because they don’t want any hassle with logins, employees take shortcuts such as reusing passwords—63% of employees admitted as much in one survey.
Another common shortcut is to use a weak password that’s easy to remember. How likely is it for an unauthorized person to hack into your systems by guessing a weak password? More likely than you think, sadly.
Employees naturally opt for easy passwords to avoid being locked out, wasting time, or worse, wasting the precious time of your IT person. As a result, weak passwords based on pop culture, simple keyboard arrangements, and common phrases are abundant, sacrificing security in your workplace for convenience.
You’d think stricter password policies and frequent password changes would eliminate the problem—but think again.
When tasked with remembering complex or often-changed passwords, employees typically record passwords for easy retrieval in unsafe, unsecured locations. A walk by your front desk, workstations, and other semi-public areas can reveal this problem quickly. Sticky notes on walls or monitors and notebooks or cards (helpfully labeled “passwords”) expose your data to anyone who walks by.
Do employees keep passwords in vulnerable apps, digital files, or on personal devices instead? Then a skilled hacker who knows where to look can access your network, steal your files, and exploit your systems—unless your organization knows how to protect itself.
Remote access and BYOD (Bring Your Own Devices) present new security risks
Remote work adoption has accelerated rapidly since the start of the COVID-19 pandemic. A recent Dashlane report found that only 10% of organizations don’t have any remote workers. While remote work offers your business an opportunity to boost employee morale and productivity, if you’re not properly storing and sharing passwords, it will also increase the chances that your small business will fall victim to a breach or hacking attempt.
Your risk increases when workers BYOD and use their personal devices for work. Consider that:
- You have limited monitoring capabilities when employees can take their personal devices anywhere and even lose them to theft or misplacement.
- BYOD policies in the workplace have been on the rise.
- Creating a BYOD program is just the start; you have to shore up your entire company’s security practices—including policies on app and corporate data access and usage—to use this setup effectively.
Whether you’ve already migrated to a BYOD environment or don’t have a formal policy around it, improving user education and security and requiring employees to use a secure business password manager can help mitigate risk and protect your business.
Your current password policies aren’t working
Are the policies you’ve put in place to protect your business doing more harm than good? They could be if you require employees to change passwords too frequently. Additional passwords just add to the burden your team already faces with password management and may actually make your systems less secure.
Achieving the right balance between security and your employees’ needs is important to ensuring that your password policies get adopted across your organization. Education is a big part of this process—not only about the importance of secure passwords but also about the ease of use of your password management solution.
How a password manager protects your business
A password manager is a software application that stores your employees’ passwords in a secure location while also enabling them to easily manage their logins and create long, random, and unique passwords. The only password employees have to memorize is the master password for accessing their password manager app.
Cybersecurity authorities such as the Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) recommend using password managers as a best practice. A password manager enables all your employees to maintain good password habits by:
- Easily creating unique and strong passwords for each of their online accounts
- Eliminating the need to remember any passwords except for the master password
- Ensuring passwords are stored securely (unlike other methods, such as sticky notes, web browsers, and spreadsheets)
- Allowing them to share passwords safely for shared accounts rather than through unsecured channels like email or Slack
- Providing a tool that’s easy to use, increasing the rate of adoption
Additionally, a password manager gives your IT admins more control over security. A password manager enables them to monitor password health across your organization, easily provision access to critical accounts and deprovision access when employees leave, and improve your organization’s security culture.
Dashlane's research found that employees and security leaders feel that adopting a password manager has boosted their organization’s security. Our survey revealed that 90% of leaders believe their organization has a lower risk of being hacked or breached due to password manager use, and 56% of employees feel the same. That’s why educating your employees about the benefits of a password manager is so important—they’re much more likely to use the tool when they understand why it matters to your business.
Cybersecurity is increasingly challenging, particularly for small or mid-sized businesses that lack an IT department or simply don’t have enough of an IT department to proactively handle password issues. Implementing an enterprise password manager can prevent costly breaches and downtime and ensure that your loyal employees don’t accidentally expose your business to risk.
Learn how a password manager can secure your critical accounts while supporting your core departments as your business grows by reading the Definitive Guide to Password Management for Small Business e-book.