Password Best Practices to Prevent Cyber Risk 

Cyber risk has never been more expensive. The average cost of a data breach is $4.45 million, and it's still rising. For a SMB with limited resources, a single breach could mean the end of the business. No one can afford to pretend the risk doesn't exist, as doing nothing could mean losing everything.  Fortunately, there are common-sense steps you can take to improve your company's cyber security without breaking the bank. These five password best practices can help your SMB prevent cyber threats and reduce the likelihood of a data breach.

1. Create complex, unique passwords

According to the Psychology of Passwords 2022 Report, 69% of people say they would create a stronger or more complex password to secure their financial accounts, but just 33% of them say the same when it comes to their work accounts. If you don't require your employees to create complex and unique passwords for each of the accounts they use on the job, now is the time to begin doing so. Otherwise, you are potentially putting your business and your customers at major risk for a data breach. A password manager can automatically generate complex passwords for each of your employees whenever they need them, taking the guesswork out of the process.

2. Never re-use passwords

When there's an overflowing list of things to do and only so many hours in the day to do them, it's tempting for a busy employee to cut corners on password security. While asking themself, "Who wants my password, anyway?", they might decide to use the same password across multiple work accounts just to get things done a little bit faster. As the Psychology of Passwords 2022 Report found, 89% of knowledge workers are aware that using the same password or a variation of it is a risk, but 62% of them go ahead and do it anyway. The problem with employee password re-use is that if a cyber attacker manages to steal, guess, or even buy that one password (yes, you read that right – malicious actors are known to buy and sell packages of passwords on the dark web), then that means they have full access to not just one but all of the employee's accounts. A security issue that could have been limited to just one area of your business infrastructure has now become a far larger and more serious threat. For this reason, it's a good idea to prohibit your employees from re-using passwords on multiple accounts.

3. Securely share passwords

Password sharing is pretty commonplace at most companies. According to the 3rd Annual Global Password Security Report, a business uses 185 shared folders on average. Sometimes employees share passwords because their department or team only has one or two licenses for a service that multiple people need to use. Other times, they may need to share certain applications or resources with external contractors or organizations.  Although these are understandable reasons for sharing passwords, it's essential to make sure this happens securely. A password manager can help your employees share passwords simply and safely using secure, team-based shared folders. This way, your business can keep work humming along without having to worry about an important password falling into the wrong hands.

4. Use a password manager

Employees have too many passwords to manage on their own. As the 3rd Annual Global Password Security Report points out, someone who works at a small business (defined as a company with 1 – 25 employees) has 85 passwords to keep track of on average, while their counterpart at a large firm (defined as a business with 1,001 – 10,000 employees) only has to deal with 25 passwords.  With this many passwords to stay on top of, it's no wonder that employees come up with workarounds like re-using passwords. But there's a better, more secure way to handle this typical problem. A password manager gives each of your employees their own personalized, easy to use vault for storing all of their passwords. It also comes with a robust admin dashboard that makes it easier for your IT team to manage password security for the entire business. 

5. Add MFA

Even if you implement all of the password best practices listed above, you won't be able to fully secure your business data using passwords alone. If someone manages to get a hold of just one of your employees' passwords – and, unfortunately, that's only a matter of time – your company could fall victim to a devastating data breach before it even realized what was going on.  Multi-factor authentication (MFA) adds another layer to the authentication process, significantly reducing the chances that a bad actor will be able to cause mischief even if they nab one of your employees' passwords. MFA introduces a second form of authentication that verifies a user's identity before granting them access. Your IT team can set it up using convenient mobile device push notifications; biometrics like face and fingerprint scans; voice recognition; SMS codes; and one-time passwords (OTPs).  With MFA in place, a hacker will have a much harder time posing as one of your employees. If they do try to log into one of your employees' accounts and are met with an MFA challenge they can't pass, your employee will then have a timely heads up that something may be amiss. That way, they can promptly update their password and alert the IT team that something suspicious may be going on.

Password best practices can help you reduce cyber risk

Data breaches have never been more expensive or more likely to happen than they are now, and that's cause for any SMB to be concerned. Just one data breach could spell the end of the company – something no one who works at a SMB wants to hear. These five password best practices can help your business reduce its current level of cyber risk, shielding employee work accounts and business data from opportunistic bad actors. That way, you and your colleagues can focus on driving the company forward rather than looking anxiously back at the rear view mirror. Learn more here.