You’ve found the perfect business password manager. Here’s how to implement it company-wide and do away with ineffective password solutions for good.
With the addition of every new business tool, those responsible for implementing it brace for an inevitable learning curve. Finding solutions that are easy for everyone to use can help quell the pain of “grudge adoption.” But knowing the ins and outs of each tool’s features and functionality, no matter how easy it is to use, can ensure a smooth integration—and password managers are no exception.
Once you’ve found a business password manager that checks all of the boxes for your organization’s needs, it’s time to get up close and personal with it. Having a rock-solid understanding will help you implement it throughout the company, from onboarding all the way to reaping all the long-term security benefits of such a multifaceted tool.
Here are five steps to successfully launching for a password manager in your organization:
1. Understand how new users are added
Password managers typically offer several ways to add users:
SSO: Single sign-on (SSO) is an identification and authentication system that allows users to log in to different systems, websites, and applications with one username and password, also known as an enterprise identity. After enabling SSO for the password manager, you can invite employees via email to join the company account. The emailed link takes them to your organization’s SSO login to complete a simple setup process.
Active directory: If you’re rolling out a password manager to many users at once, you can opt for an automated process that sends an email invitation to an active directory. Simply sync your password manager to a supported active directory, such as Microsoft AD. Synced email addresses that are not enrolled in the plan will automatically receive an email invitation.
Manual invites: Admins can invite specific users through the admin console, either by typing in an email address or importing a .cvs or .txt file.
2. Set new password policies
Password managers will replace some learned and ingrained employee habits around passwords and data security, so it’s best to distribute a policy document outlining the new procedures, requirements, and expectations that go along with a password manager.
No need to get too wordy! The policy document can be very simple—shorter than a page—but should cover the following:
- The approved password management solutions. Of course, a password manager is most effective when used company-wide and for all passwords. Not only does this ensure more protection against hackers and bad actors, it also means that employees only need to remember one master password, therefore making work-life easier for employees and admins alike.
- The acceptable security score for employees’ credentials. Your password manager will provide scores for individuals and admins for their business accounts, taking into account password strength, whether or not it’s a reused password, or if it’s compromised. Let employees know the required security score for their business passwords and tips for achieving it, as well as strategies for creating strong master passwords.
- Basic best practices, including for sharing and storing passwords. Having a password manager means no more sticky notes, jotting down passwords in notebooks, or sending passwords over Slack. Some password storage solutions might already be in place, like browser password storage through Chrome or Firefox add-ons. Make sure your employees know that a password manager will replace these solutions.
Check out an example of a deployment guide you can use to help your team get started.
3. Kickstart conversations about security
Your security tools are ineffective without a strong security culture. If your employees don’t understand their role in protecting your organization—and how important digital security is in the first place— they’re less likely to follow protocols.
Start conversations across the organization prior to the launch to improve employee participation. These conversations should focus on why data privacy and security are important to your business, why employees play an active role in safeguarding data, and how they can help improve the company’s cybersecurity.
You can even ask employees to follow the vendor’s blog or Twitter so they can stay in the loop about security culture, hacks and breaches, and the importance of a password manager.
4. Communicate your policy changes
Make sure your employees know what to expect before launching the password manager. Announce the upcoming security procedures and share new password policies with your employees.
Here are some things to include:
- General announcement
- New policy document
- User FAQ and information about training
- Post-deployment reminders and follow-ups
5. Conduct employee training
Don’t just send information in an email and let it speak for itself. Consider offering additional options such as a live or on-demand webinar, as well as other internal resources that employees can access for help. Include password management training in your onboarding experience for new employees. You can also ask your vendor for training videos and other materials that you can share.