Cyberattacks are on the rise. It feels as though there’s a news story about a cyberattack on a business every week – and that’s only on the household names. We never hear about the cyberattacks on small businesses.
It is vital that businesses of all sizes have protections in place against common cyber threats. One of the most common ways businesses are attacked is through human error – cyber criminals exploiting common behaviours to try to gain access to a company’s systems. They’ll often do this by exploiting weak or reused passwords.
One way to combat this is implementing company-wide password managers. We love a password manager – they’re great for keeping records secure, meaning you only need to remember a single, strong password. But do businesses need to use specific business password managers? Or can they get away with consumer-grade ones?
Business Password Managers
Business and consumer password managers have their differences. They do have a lot of similar features, such as password generators and secure document storage, but businesses should be looking for more. Some examples include:
What is the best way to securely share a password? By email? Post it note? No! You must never take password sharing lightly. Many regular password managers allow some level of password sharing, but it isn’t always straightforward. Typically, users have to share passwords individually, and there are few restrictions on how passwords can be used once they’re shared.
Business password managers have group management features for sharing passwords. This is particularly useful when onboarding new employees. With just a few clicks, admins can share passwords for the important business accounts to which a new employee needs access.
Another key feature of business password managers that’s missing from some consumer-grade password managers is support for multi-factor authentication. With MFA, your accounts get an extra layer of protection. Users trying to gain access must also confirm their identity in one or more additional ways.
Additional forms of identity confirmation might include a physical device such as a phone, or biometrics like fingerprints or voice patterns. For example, with MFA enabled, an employee may have to provide their password plus a one-time code sent to their phone to log into an account.
Monitor Password Strength
The role of an IT administrator would be much simpler if every employee could be trusted to create strong, unique passwords for all their accounts. Imagine that! The truth is that employees are busy, and corporate security isn’t as much of a priority as it should be. Without oversight, employees often reuse passwords or create weak passwords that are easy to remember, but can be easily guessed.
With a business-grade password manager, administrators can set rules around how strong passwords must be. For example, an administrator can require that all passwords contain one or more special characters. Administrators can also automatically block employees from using the same password for multiple accounts.
Single Sign On
Another significant downside of using a consumer-grade password manager for business applications is that it generally doesn’t support single sign-on (SSO). Single sign-on is a type of authentication that allows a user to log in with a username and password, and then access a variety of applications.
SSO is also important because it’s part of broader identity and access management approaches. With single sign-on in place, IT admins can quickly modify a user’s access permissions across a range of apps, or even block them from accessing a business’s network.
Knowledge of compromises
While the goal of using a password manager is to prevent intrusions into your network, intruders sometimes find a way through. When this happens, IT administrators require tools at hand to find network intruders and eject them. Consumer-grade password managers don’t offer much help for this process. They offer very little information about which passwords were used, and when.
By contrast, business password managers provide detailed analytics and audit logs that administrators can use to find out where a breach started, as well as how far it has progressed. The data in these logs offers information about specific passwords, when they were used, what device or location a login came from, and more. The data can be used to spot unusual login activity that might signal an intruder’s movements through a network.
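As an added illustration (not from the original article or from any vendor's product), the Python sketch below shows the kind of check this audit data makes possible: it flags a login from a device or location a user has not used before, and a burst of different passwords being used within a few minutes. The log format, field names and sample records are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log; the column names are assumptions, not a real export format.
SAMPLE_LOG = """timestamp,user,entry,device,location
2024-03-04T09:02:11,alice,payroll-portal,LAPTOP-A1,Office
2024-03-04T09:15:40,alice,crm-admin,LAPTOP-A1,Office
2024-03-05T08:58:03,bob,crm-admin,LAPTOP-B7,Office
2024-03-06T02:13:09,alice,payroll-portal,UNRECOGNISED-77,Unknown
2024-03-06T02:13:55,alice,crm-admin,UNRECOGNISED-77,Unknown
2024-03-06T02:14:20,alice,bank-login,UNRECOGNISED-77,Unknown
2024-03-06T09:01:00,bob,crm-admin,LAPTOP-B7,Office
"""

def find_unusual(log_text, baseline_until, burst=3, window_minutes=5):
    """Return a list of (timestamp, user, kind) alerts.

    Records before `baseline_until` (ISO timestamp) teach each user's normal
    device/location pairs; later records are checked against that baseline.
    """
    cutoff = datetime.fromisoformat(baseline_until)
    window = timedelta(minutes=window_minutes)
    known = defaultdict(set)    # user -> {(device, location)} already seen
    recent = defaultdict(list)  # user -> [(time, entry)] inside the sliding window
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(row["timestamp"])
        user, origin = row["user"], (row["device"], row["location"])
        if ts < cutoff:
            known[user].add(origin)
            continue
        if origin not in known[user]:
            alerts.append((row["timestamp"], user, "new_origin"))
            known[user].add(origin)  # alert once per new device/location
        # Keep only this user's events inside the window, then add the current one.
        recent[user] = [(t, e) for t, e in recent[user] if ts - t <= window]
        recent[user].append((ts, row["entry"]))
        if len({e for _, e in recent[user]}) >= burst:
            alerts.append((row["timestamp"], user, "burst"))
    return alerts

if __name__ == "__main__":
    for alert in find_unusual(SAMPLE_LOG, "2024-03-06T00:00:00"):
        print(alert)
```

Neither signal proves a compromise on its own; each is a prompt for an administrator to review the account's recent activity.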