The spectre of security breaches continues to plague businesses, with the latest edition of the government’s Cyber Security Breaches Survey serving as a stark reminder of the threat both enterprises and small- and medium-sized businesses (SMBs) face. Of the organisations reporting cyber attacks, 31% estimate they were attacked on average once a week, while one in five reported a negative outcome as a direct consequence of a cyber attack.
In today’s climate, it’s more important than ever for SMBs and larger enterprises to put a comprehensive cyber security strategy in place. This spans everything from hardening the network infrastructure against intrusion to deploying firewalls and securing endpoint devices.
One aspect of a business’s security strategy that’s frequently taken for granted, however, is password security. Password protection is a common weak spot precisely because it seems straightforward to get right, which makes it easy to overlook.
Indeed, according to Verizon’s latest data breach report, 81% of hacking-related breaches exploited stolen and/or weak employee passwords.
Password hygiene is a major issue across society – not just in the business world – with some of the most common passwords last year including ‘123456’ and ‘password’, which are used by millions of people. Passwords like these sit at the top of every attacker’s wordlist and are guessed instantly, so it is no surprise that weak passwords are an easy entry point for hackers. Increasing length and complexity is the starting point, but a password also needs to be unique and absent from known breach lists before it offers real protection.
Once a password is breached, every other account that reuses it is exposed. Across SMBs and enterprises, Verizon’s research found that 70% of employees reuse passwords at work, even though 91% know reusing passwords is poor practice. To make matters worse, 59% reuse passwords everywhere – in their personal and professional lives.
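To make the two points above concrete, here is an added example (not code from the original article or from Keeper Security) of the kind of check a password policy can enforce: it estimates how long an offline brute-force attack would take at an assumed guess rate, and it checks a candidate against a breach corpus using the SHA-1 prefix (k-anonymity) lookup pattern, so the password itself never leaves the client. The breach corpus and the guess rate are constructed assumptions for illustration; a real deployment would query a breach-lookup service with the same prefix/suffix shape.

```python
import hashlib

# Constructed stand-in for a breached-password corpus (assumption for this example).
# The two entries named in the article are included deliberately.
BREACHED_PASSWORDS = {"123456", "password", "qwerty", "letmein"}

# Assumed offline cracking rate (fast hash on a single GPU rig); purely illustrative.
GUESSES_PER_SECOND = 1e10


def charset_size(pw: str) -> int:
    """Size of the alphabet an attacker must search, based on the classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # printable punctuation plus space
    return size


def brute_force_seconds(pw: str) -> float:
    """Worst-case time to exhaust the search space at GUESSES_PER_SECOND."""
    return charset_size(pw) ** len(pw) / GUESSES_PER_SECOND


def sha1_hex(pw: str) -> str:
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()


def simulated_range_lookup(prefix: str) -> list:
    """Mimics a k-anonymity range query: given the first 5 hex chars of a SHA-1,
    return every 'SUFFIX:COUNT' line in the corpus sharing that prefix.
    The server side never sees the full hash, let alone the password."""
    lines = []
    for p in BREACHED_PASSWORDS:
        h = sha1_hex(p)
        if h[:5] == prefix:
            lines.append(f"{h[5:]}:1")  # count is constructed; real services report occurrences
    return lines


def is_breached(pw: str) -> bool:
    h = sha1_hex(pw)
    prefix, suffix = h[:5], h[5:]
    for line in simulated_range_lookup(prefix):
        seen_suffix, _count = line.split(":", 1)
        if seen_suffix == suffix:
            return True
    return False


def check_password(pw: str, min_length: int = 14) -> list:
    """Return the reasons a password fails policy; an empty list means accepted."""
    reasons = []
    if is_breached(pw):
        reasons.append("found in breach corpus")
    if len(pw) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    return reasons


if __name__ == "__main__":
    for candidate in ("123456", "password", "Password1!", "correct horse battery staple"):
        print(f"{candidate!r}: {brute_force_seconds(candidate):.3g}s to exhaust, "
              f"policy result: {check_password(candidate) or 'accepted'}")
```

The brute-force estimate is a worst-case search-space figure, which is exactly why it is misleading for ‘password’: the number looks comfortable, yet the breach lookup rejects it instantly because attackers try known passwords before they try the full alphabet. That is the reason a policy should check breach lists first and treat length and complexity as necessary but not sufficient.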
It’s important that organisations prioritise protecting login credentials and using complex passwords across the breadth of their business, while layering this into the overall cyber security strategy alongside other practices like employee training and routine backups. This might not be as easy as it sounds, especially for SMBs that are particularly stretched on monetary and human resources.
However, a number of inexpensive, low-maintenance tools exist to help businesses get on top of password security, including those offered by Keeper Security, a password and secrets manager for protecting businesses and families from cyberthreats, with whom we work to help protect our clients’ credentials. In addition, read up on our top password tips.
In modern data environments, comprehensive cybersecurity requires multiple layers of defence that work together. These layers include cyber security training as well as investment in protecting your endpoint devices. The starting point for defence-in-depth is a clearly defined access policy that determines which employees have access to which systems and data, and how passwords are created and stored.
First and foremost, your business must identify its weakest points. To do that, assess who has access to what data and software, establish whether they actually need that access, and remove it if not. This covers not just full-time employees but also remote workers, contractors, part-time staff and anybody else who interacts with the systems that power your business. As a rule, the more people who have access to a system or data set, the broader your attack surface.
Businesses at this stage must create concrete policies around password management. This is a key step in building a multi-layered cyber security strategy. To that end, tools such as those provided by Keeper Security support a zero-trust and zero-knowledge approach: zero-trust meaning no user or device is trusted by default, and zero-knowledge meaning the vault is encrypted and decrypted on the user’s device, so the vendor itself holds only ciphertext and cannot read the stored credentials. Beyond password management, this approach extends to secrets management, privileged access management (PAM), remote infrastructure security and encrypted messaging, with per-record encryption and data segregation limiting the blast radius of any remote breach.
The zero-trust security model is centred around the principles of assuming a breach, verifying explicitly and ensuring least-privilege access. An affordable and easy-to-use enterprise password manager (EPM) allows organisations to implement zero-trust network access while slashing administrative overhead. This improves reliability and performance while boosting employee productivity. Administrators will get access to the tools they need to enforce robust password security, verify users and devices and manage role-based access controls alongside least-privilege access and other policies like multi-factor authentication (MFA).
Beyond EPM, Keeper Security offers a variety of products aimed at different-sized organisations, including Keeper Business and Keeper Enterprise, both of which apply least-privilege and zero-trust principles to password management. These foundational ideas form the basis of an essential identity access management (IAM) strategy.
Keeper Business provides businesses with complete visibility into employee password practices while giving them the tools to enforce company policies, monitor compliance and generate audit trails and reports. Keeper Enterprise, meanwhile, adds SAML 2.0 single sign-on (SSO), automated team management and advanced MFA, alongside a host of further capabilities for larger businesses with hundreds of employees.
Keeper’s products, for which free trials and one-to-one demos are available, serve as a means to block some of the most common pathways to a data breach. You’ll be able to protect your organisation against a variety of threats, including those emanating from the dark web, while securely sharing passwords and applying information security best practice across your organisation’s data environment, regardless of its size or complexity.
Password protection is fundamental to creating a robust and holistic security strategy to keep your organisation safe from data breaches, ransomware and other password-related cyber attacks.