IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission.

How to incorporate password protection into your wider security strategy

A comprehensive security strategy needs to incorporate password protection


The spectre of security breaches continues to plague businesses well into this year, with the latest edition of the government’s Cyber Security Breaches Survey serving as a stark reminder of the threat both enterprises and small- and medium-sized businesses (SMBs) face. Of the organisations reporting cyber attacks, 31% estimate they were attacked on average once a week, while one in five reported a negative outcome as a direct consequence of a cyber attack.

In today’s climate, it’s more important than ever for SMBs and larger enterprises to solidify a comprehensive and broad cyber security strategy. This spans everything from hardening the network infrastructure against infiltration to implementing firewalls and securing endpoint devices. One aspect of a business’s security strategy that’s frequently taken for granted, however, is password security. It is a common pain point precisely because it might seem relatively straightforward to get right, which makes it easy to overlook.

Plugging the gaps 

Indeed, according to Verizon’s latest data breach report, 81% of hacking-related breaches exploited stolen and/or weak employee passwords. Password hygiene is a major issue across society – not just in the business world – with some of the most common passwords last year including ‘123456’ and ‘password’, which are used by millions of people. This reality is, sadly, also reflected across SMBs and enterprises, with Verizon’s research finding that 70% of employees reuse passwords at work, even though 91% know reusing passwords is poor practice. To make matters worse, 59% reuse passwords everywhere – in their personal and professional lives.

It’s important that organisations prioritise protecting login credentials across the breadth of their business, while layering this into the overall cyber security strategy alongside other practices like employee training and routine backups. This might not be as easy as it sounds, especially for SMBs that are particularly stretched on monetary and human resources. However, a number of inexpensive, low-maintenance tools exist to help businesses get on top of password security, including those offered by Keeper Security.

Building your cyber security layers

In modern data environments, comprehensive cyber security requires multiple layers of defence that work together. These layers would naturally include elements like cyber security training, as well as investing in protecting your endpoint devices. The starting point for defence-in-depth security is to implement a clearly defined access policy that determines which employees have access to what systems and data, as well as how passwords are created and stored.

First and foremost, your business must identify its weakest points in order to understand where there might be shortcomings. To achieve this, a business must assess who has access to what data and software, establish whether they actually need the access they have, and limit access if need be. This includes not just full-time employees but also remote workers, contractors, part-time staff and anybody who interacts with the systems that power your business. As a rule, the more people who have access to software or data, the broader your attack surface will be. There will be, unfortunately, more opportunities for a data breach, given that most threats originate from within.

Businesses at this stage must create concrete policies around password management. This is a key step in building a multi-layered cyber security strategy. To that end, tools such as those provided by Keeper Security are key to implementing a zero-trust and zero-knowledge approach. In addition to password management and security, this approach requires secrets management, privileged access management (PAM), remote infrastructure security and encrypted messaging. In practice, this translates into using a unique encryption and data segregation framework to protect against remote data breaches.

The zero-trust security model is centred around the principles of assuming a breach, verifying explicitly and ensuring least-privilege access. An affordable and easy-to-use enterprise password manager (EPM) allows organisations to implement zero-trust network access while slashing administrative overhead. This improves reliability and performance while boosting employee productivity. Administrators will get access to the tools they need to enforce robust password security, verify users and devices and manage role-based access controls alongside least-privilege access and other policies like multi-factor authentication (MFA).

Security for businesses of all sizes

Beyond EPM, Keeper Security offers a variety of products aimed at different-sized organisations, including Keeper Business and Keeper Enterprise, both of which apply least-privilege and zero-trust principles to password management. These foundational ideas form the basis of an essential identity access management (IAM) strategy.

Keeper Business provides businesses with complete visibility into employee password practices while giving them the tools to enforce company policies, monitor compliance and generate audit trails and reports. Keeper Enterprise, meanwhile, adds SSO support, SAML 2.0 authentication, automated team management, advanced MFA, alongside a host of advanced capabilities for larger businesses with hundreds of employees.

Keeper’s products, for which free trials and one-to-one demos are available, serve as a means to block some of the most common pathways to a data breach. You’ll be able to protect your organisation against a variety of threats, including those emanating from the dark web, while securely sharing passwords and applying information security best practice across your organisation’s data environment, regardless of its size or complexity.

Password protection is fundamental to creating a robust and holistic security strategy to keep your organisation safe from data breaches, ransomware and other password-related cyber attacks.

Try Keeper for free today or book a personalised demo to learn more about the best way to protect your organisation from cyber attacks.
