While breaches of major corporations continue to make headlines, the reality is that small and mid-size businesses are just as likely to be a target. In fact, a 2013 report found that 62 percent of breach victims were small to mid-size businesses. Because startups and the SMB market typically have weaker security measures in place and aren't prepared to deal with attacks, the impacts of a breach can be detrimental.
One of the simplest things entrepreneurs and SMB leaders can do to improve their security posture is to strengthen something that is often overlooked: the password. Even smaller organizations are using dozens of online solutions to manage different aspects of their business -- from sales to marketing and payroll -- and all of these require a password. More often than not, you will see passwords on sticky notes on a desk or in a Word document that any employee can access. You wouldn't leave the door of your office unlocked when you leave for the day, so why are you leaving your data susceptible to attack?
Ensuring that passwords are protected and tough to crack is the first line of defense, and World Password Day (May 5) is the perfect opportunity to step back and evaluate your own and your business's password practices. The good news is that password security can be enhanced fairly easily by implementing basic measures that will not only make you more secure but also streamline processes and improve productivity. Below are four considerations for improving corporate passwords:
1. Ensure access control.
Even if you have only a handful of employees, there's a good chance they all have access to important data. While some employees may not have explicit access to a specific account, if they know the passwords that are typically used, they will likely be able to access business-critical information. What's more, when these employees leave, failing to update passwords and access requirements puts the business at greater risk. Periodically reviewing access control and confirming that the employee off-boarding process includes account access measures is an easy way to protect against an attack.
2. Use unique, generated passwords for all accounts.
Creating an account and a new password is a tedious task, and it's common to just go back to the same, easy-to-remember string of letters and numbers each time. However, constructing unique passwords that include a sequence of upper and lowercase letters, numbers and special characters is necessary to keep accounts protected. Even if you are using a random combination of letters and numbers for corporate passwords, continuing to use the same one across accounts can put those accounts at an even higher level of risk. Major service providers have reported hackers breaking into user accounts with usernames and passwords leaked in other breaches. By using a different password for every account, you'll stop these attempts from succeeding. A password generator makes it easy to create strong passwords quickly.
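As an added illustration of point 2 (this code is not part of the original article), the sketch below finds passwords shared across accounts and replaces each with a unique generated one containing upper and lowercase letters, numbers and special characters. The account names, the sample inventory and the 20-character length are assumptions made for the example.

```python
import secrets
import string
from collections import defaultdict

SPECIALS = "!@#$%^&*()-_=+"  # assumed set; adjust to what each service accepts
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)

def generate_password(length=20):
    """Return a random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def find_reused(credentials):
    """Map each password used by more than one account to those accounts."""
    by_password = defaultdict(list)
    for account, password in credentials.items():
        by_password[password].append(account)
    return {pw: sorted(accts) for pw, accts in by_password.items() if len(accts) > 1}

def rotate_reused(credentials, length=20):
    """Return a copy in which every account that shared a password gets a new unique one."""
    updated = dict(credentials)
    in_use = set(credentials.values())
    for accounts in find_reused(credentials).values():
        for account in accounts:
            new = generate_password(length)
            while new in in_use:  # collision is practically impossible, but cheap to rule out
                new = generate_password(length)
            in_use.add(new)
            updated[account] = new
    return updated

# Constructed sample inventory (hypothetical accounts and passwords).
SAMPLE = {
    "payroll": "Spring2016!",
    "crm": "Spring2016!",
    "email-marketing": "Spring2016!",
    "bank": "k9#Vt2!qLx0zRw8@",
}

if __name__ == "__main__":
    for accounts in find_reused(SAMPLE).values():
        print("same password on:", ", ".join(accounts))  # never print the password
    print("reused after rotation:", find_reused(rotate_reused(SAMPLE)))
```

In practice the inventory would come from a password manager rather than a script, and the new passwords would be stored back into it.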
3. Protect your password list.
With dozens of passwords and accounts, it makes sense to keep them in one place - whether they are written in a notebook or saved in a Word document or spreadsheet. If this database isn't secure -- for example, saved in a desktop folder or a shared file with no protection -- risk increases drastically. Ensuring that password lists are stored securely (and password protected!) is critical to safeguarding accounts. Password manager solutions encrypt and back up account passwords and usernames, and will also improve productivity when sharing among team members.
4. Turn on two-factor authentication.
Two-factor authentication requires an additional step before logging into an account, even if the correct password is used -- this is usually a push notification, text message or email that requires the user to verify that they are attempting to log in to that account. Using a two-factor authentication tool provides an added level of coverage and is an easy way to secure your accounts and ensure that only the right people have access.
The reality today is that all businesses are potential targets for cybersecurity attacks. For business leaders who don't have the time, resources or staff to invest in complex security programs, examining passwords and the tools available to you is an efficient and easy-to-implement way to boost security.