We could offer you one compelling reason why you need a team password manager for your small business, but why not give you 68,680,741 reasons.
In 2012, Dropbox, the popular cloud-storage platform acknowledged that a collection of users’ email addresses were compromised in a data breach. However, the company was unaware of the full extent of the breach until August 2016. Motherboard first reported that a database of over 68 million email and passwords were on the darknet marketplace. The cause of the breach wasn’t a stealthy hacker or a sophisticated malware program — it was the result of a Dropbox employee who reused his corporate password on his personal LinkedIn account. Luckily, almost 32 million of those passwords were still encrypted at the time of the theft.
No matter how many resources you pour into anti-virus and other preventative measures, it only takes one mistake by one person to put your small business at risk. Imagine all of your company, employee, and customer data getting hacked because of a single reused password.
Your employees — and their poor password habits — are the weakest link in your security architecture. Understanding the possible risks associated with passwords can help you and your employees take steps to eliminate the above scenario: educate your team and add a military-grade layer of security by adopting a team password manager.
Benevolent employees can still put your small business in harm’s way
Despite what you hear on the news, most employees are loyal and don’t intentionally expose their company to risk. For every Edward Snowden, or Dejan Karabasevic — who traded his company’s secrets for beer and access to women — there are thousands of employees who fall for phishing scams, protect their accounts with weak passwords, or simply expose passwords without meaning to.
An employee who doesn’t understand the importance of strong password habits is a major risk to small businesses.
One reason employees have poor password habits is because they have too many passwords to remember. Between passwords for work and the ever-growing number of personal passwords, the amount of information we need to retain is overwhelming:
- According to Dashlane research, an average user needs to hit the “password reset” or “forgot my password” button for about 37 accounts per year.
- By 2020, each of us will have an average of 207 total password-protected accounts on the Internet. The average Dashlane user is already on the way there — with 107 accounts registered to their primary email address. Dashlane users in the US have an even higher average number of passwords to remember — with 130 accounts registered to their primary email address.
Because they don’t want any hassle with logins, employees opt for weak, easy-to-remember passwords — and to make matters worse, they reuse those passwords everywhere.
After Yahoo announced the compromise of 500 million accounts last September, researchers from Lancaster University, China’s Peking University, and Fujian Normal University used an algorithm to crack the passwords with a 73 percent success rate.
The most popular password? “123456,” followed by “password.”
How easily would trying one of these passwords be, and how likely would it be that an outsider could use this method to break into your systems? More likely than you think, sadly.
Employees naturally opt for easy passwords to avoid being locked out, wasting time, or worse, wasting the precious time of your IT person. As a result, weak passwords based on pop culture, simple keyboard arrangements and common phrases are used, sacrificing security in your workplace for convenience.
You’d think that stricter password policies and frequent password changes would eliminate the problem — think again.
When tasked with remembering complex or often-changed passwords, employees typically record passwords for easy retrieval in unsafe, insecure locations. A walk by your front desk, workstations, and other semi-public areas can reveal this problem in a hurry. Post-it notes on walls or monitors and notebooks or cards (helpfully labeled “passwords”) expose your data to anyone who walks by.
Keep passwords in vulnerable apps or notes on computers or personal devices? A skilled hacker who knows where to look can access your network, breach your files, and exploit your systems in a heartbeat.
Remote Access and BYOD devices present new security risks
Allowing some of your team to work from home or offering remote access can boost morale and productivity, but if you are not properly storing and sharing passwords, it will also increase the chances of your small business falling victim to a breach or hacking attempt. Your risk goes up when workers use “Bring Your Own” devices (BYOD) or their own devices when you consider:
- You have limited monitoring capabilities and personal devices could go anywhere or even be lost or stolen.
- BYOD policies in the workplace are actually on the rise. In 2013, 62 percent of SMBs had an official BYOD policy in place and market researchers at Gartner predict that 85 percent of all businesses will have some form of BYOD program in place by 2020.
- Creating a BYOD program is just the start; you’ll have to shore up your entire company’s security practices — including policies on app and corporate data access and usage — to use this setup effectively.
Since the migration to BYOD programs has already begun and seems inevitable for small businesses, improving user education, security, and requiring employees to use a secure business password manager can help mitigate risk and protect your business.
Your Current Password Policies Aren’t Working
Are the policies you’ve put in place to protect your business doing more harm than good? They could be if you are requiring employees to change passwords too frequently. Additional passwords just add to the burden your team already faces when it comes to dealing with password management and according to Wired, may actually make your system less secure.
What is often accepted as conventional wisdom about the frequency of password changes may not be useful for your business at all. According to Microsoft’s Cormac Herley, Internet users routinely reject security advice for a variety of reasons and ultimately make choices that are convenient and easy, regardless of risk.
FTC’s Chief Technologist Lorrie Cranor also points out that frequent password changes incentivize individuals to create weaker passwords or to reuse old ones with just minor tweaks. If you are overly strict about password changes or require them regularly, you could be doing more harm than good. A business password manager gives you unsurpassed security and insight without requiring frequent employee password changes.
68 Million Ways Team Password Managers Protect Your Business
From password overload to the awful passwords we choose when left to our own devices, and even the boosted risk that comes from BYOD and data sharing, a password manager for teams can help your small business reduce risk.
A password manager is an application or hardware that allows individual users to organize and store passwords. Strong encryption protects your information and allows users to choose a single Master Password, which is used to decrypt that data. Once the Master Password is entered, the user is granted access to their entire vault of stored passwords.
Team password managers are ideal for small businesses that have multiple workers or workstations; they make it easy to manage and protect data and ensure that your individual employees and your entire network are secure. With a password manager for teams, you are not at the mercy of your employee’s poor password habits and can proactively manage their password health, without compromising any of their privacy.
A team password manager makes it easy for employees to safely and securely access your network and share data. You’ll be able to enjoy all the benefits of going paperless or allowing workers to work remotely because you’ll be better positioned to monitor and enforce password use. Moreover, you’ll have greater control over your passwords. As the administrator, you’ll have greater flexibility to grant and revoke access to work-related accounts and systems to select users and devices.
Internet and network security are increasingly challenging, particularly for small or mid-sized businesses that lack an IT department or simply don’t have enough of an IT department to proactively handle the password issue. A password manager offers unsurpassed insight; you’ll be able to tell at a glance how accessible your network is and uncover (and mitigate) any potential risks. Opting for a password manager for business can prevent costly breaches and downtime, and ensure that your loyal employees don’t accidently expose your business to risk.
Start protecting your business today with Dashlane Business, the team password manager trusted by more than 6,000 companies to create, enforce, and track effective access management, and features the only patented security architecture in the industry. Try it free for 30 days!