Unappy times for SMB password management  

By Boris Jabes, Senior Director of Product Management at LogMeIn.

Monday, 17th August 2015. Posted by Phil Alsop.

The ability to work anytime, anywhere and on any device has become a mantra for the modern day professional. To enable this, working partly or entirely through cloud-based applications has become the norm. Whether it is Google Drive, Amazon Web Services or another giant of the public cloud, the same applications we are used to using in our personal lives are becoming the backbone of business IT.

According to recent research from Enterprise Strategy Group and LogMeIn, nearly three-quarters of knowledge workers – those who handle information – say mobility is critical or important to doing their jobs productively, with 70 per cent working outside an office environment at least a few days a week. Given that they work from these more familiar mobile platforms, it is unsurprising that employees tend to use their own preferred apps rather than business-provided ones, further blurring the lines between personal and professional.

For administrators, migrating tools to the cloud represents obvious cost savings and productivity gains, but 60 per cent have no policies in place to address the rise of cloud apps in the workplace. Managing the concurrent smorgasbord of identities and passwords has become a digital nightmare. Add to that the poor password hygiene of a large segment of the population, and you are stuck with gaping security holes that excite even the most novice hackers.

The ongoing password saga
While password management is not a new challenge for SMBs, it’s one that’s become far more complex given that on average individuals maintain passwords for more than 25 web apps they use for work. And the stakes for SMBs are higher than ever, as nearly 80 per cent of cloud apps and services contain sensitive, regulated or company confidential data. All it takes is one data breach to cripple a company – Gartner estimates that only 6 per cent of businesses emerge from a breach unscathed, with 43 per cent going out of business altogether.

While it may seem that maintaining good, unique passwords is a productivity killer, there are a few ways SMBs can make it easier for their employees to clean up their dirty password habits.

1. Use memorable, not guessable words. It’s shocking how often this bears repeating, but SMBs should never, under any circumstance, use easy-to-guess passwords to protect critical information. The most popular passwords in 2014 were ‘password’ and ‘123456.’ Passwords should be a combination of upper and lower case letters, numbers and symbols.
2. Use a vault. If you can remember the usernames and passwords of every application you have, you either have a photographic memory or you’re using the same credentials for each one. Since each application should have a unique password, a password vault will ease the management burden and encourage strong passwords that don’t have to be committed to memory.
3. Deploy an employee access solution. Not only do password vaults help employees stay on top of their passwords, but they can be designed for business use as well. SMBs can manage team access so that employees who join the company can be granted access quickly and those who leave can be removed without hassle, and can allow account sharing without sharing the password itself.
4. Use two-factor authentication. Adding an extra layer of security via two-factor authentication will make it harder for a hacker to compromise a password, especially when it is triggered by users exhibiting suspicious behaviour, such as switching browsers or location.

When it comes to securing corporate data in the cloud, there is no silver bullet solution. However, humans will always be the weakest link in the chain, so encouraging better password hygiene, both at the employee and IT level, is a good place to start mitigating risks. It’s time to make password management a priority to keep the business and your customers safe.