Password Management for Small Business

By: Zach Katkin, President of Atilus

What’s in a password? Given access to your email I could probably shut down your bank account tomorrow and possibly steal your identity within a matter of hours. We all know what passwords are, what they’re meant to protect, but managing them is a cumbersome task. If this is difficult personally, at first it might seem like it’s damn-near-impossible as a small or medium-sized business.

But managing passwords is not impossible. There are tools out there that make things easy, and they don’t sacrifice security for speed and ease of use.

Why Passwords Are Important and How They Impose a Security Risk

Passwords are important because they secure your money and keep your email private. For a company, they are also a real avenue through which current or former employees, competitors, and less-than-savory figures can do you harm or, if nothing else, cost you time and money. In fact, passwords are so important that if your business accepts credit cards, PCI Compliance mandates that your business have particular password policies in place for your hardware and software, and if you are found not to be in compliance, it can cost you tens of thousands of dollars in fines from the major credit card networks.

So how do you ensure that each of these accounts remains protected? First, by abiding by some basic best-practices, and second, by using LastPass, which helps you manage your various accounts.

Password & Account Management Best-Practices

Never re-use a password – The interesting thing about passwords is that when one falls, many additional accounts typically fall along with it. For example, if someone learns your email password (which is one of the worst to lose), they can quickly search across the web for your accounts with the same name and simply try that same password. Often, voilà, they have access to ALL of those other accounts.

You can avoid this by simply never re-using a password.

Use software that allows you to marry your login to your person – Another advancement in password technology that has gained a lot of momentum, and is both easy to use and ultra-secure, is two-factor authentication. Two-factor sounds fancy, but as its name implies, it simply means needing two kinds of verification to log in. One is typically your password, and the second is a random number that your phone generates. Even if you ignore EVERYTHING in this article, check out two-factor authentication (http://www.authy.com), particularly for your email and your banking.

There are a couple of tools out there, but in a nutshell this is a program you install on your phone that generates a code every couple of seconds that is specific to your account. So you can ONLY log in to a particular website, etc. if you have BOTH the correct login (username/password) and the code. And because this code is married to your phone, a device that you have on your person, it’s MUCH harder to crack.

Utilize Access Rights & Try Not to Share Accounts – Handing over your username/password is often thought of as the easiest way to give others access to an account. Nowadays, however, many services let their users (particularly business users) add other people to the account, either with their existing logins or with one they create. Take a few extra seconds to check whether you can do this, and add your employees, friends, family, etc. as users moving forward.

Utilize a Password Management Tool

I’ve heard of businesses that use a spreadsheet to keep track of everything (and I have to admit I personally did this at one time). But today we use a password management tool called LastPass. We’ve experimented with a few others (including the Apple favorite, 1Password); however, LastPass has been one of the best tools we’ve found to help us accomplish all of the above. With this one tool, we can provide our employees access to all of the resources they need, and nothing they don’t, all while never actually revealing or providing them with the login for the website or tool they need to log in to.

Without these best-practices, businesses run the risk of having to clean up hacked websites (which can cost thousands of dollars), hacked email, stolen intellectual property, or lawsuits. However, having a good password policy in place and using a password management tool like LastPass is one of those tricky (only-in-hindsight) business decisions, where a slight investment upfront pays off in spades, and if everything goes according to plan it will ensure that nothing ever happens.
