How to incorporate password protection into your wider security strategy
A comprehensive security strategy needs to incorporate password protection
The spectre of security breaches continues to plague businesses well into this year, with the latest edition of the government’s Cyber Security Breaches Survey serving as a stark reminder of the threat both enterprises and small- and medium-sized businesses (SMBs) face. Of the organisations reporting cyber attacks, 31% estimate they were attacked on average once a week, while one in five reported a negative outcome as a direct consequence of a cyber attack.
In today’s climate, it’s more important than ever for SMBs and larger enterprises to solidify a comprehensive and broad cyber security strategy. This spans hardening the network infrastructure against infiltration to implementing firewalls and securing endpoint devices. One aspect of a business’s security strategy that’s frequently taken for granted, however, is password security. Password security is a common pain point because it might seem relatively straightforward to get right. As a result, it’s easy to overlook.
Plugging the gaps
Indeed, according to Verizon’s latest data breach report, 81% of hacking-related breaches exploited stolen and/or weak employee passwords. Password hygiene is a major issue across society – not just in the business world – with some of the most common passwords last year including ‘123456’ and ‘password’, which are used by millions of people. This reality is, sadly, also reflected across SMBs and enterprises, with Verizon’s research finding that 70% of employees reuse passwords at work, even though 91% know reusing passwords is poor practice. To make matters worse, 59% reuse passwords everywhere – in their personal and professional lives.
It’s important that organisations prioritise protecting login credentials across the breadth of their business, while layering this into the overall cyber security strategy alongside other practices like employee training and routine backups. This might not be as easy as it sounds, especially for SMBs that are particularly stretched on monetary and human resources. However, a number of inexpensive, low-maintenance tools exist to help businesses get on top of password security, including those offered by Keeper Security.
Building your cyber security layers
In modern data environments, comprehensive cybersecurity requires multiple layers of defence that work together. These layers would naturally include elements like cyber security training, as well as investing in protecting your endpoint devices. The starting point for defence-in-depth security is to implement a clearly defined access policy that determines which employees have access to what systems and data, as well as how passwords are created and stored.
First and foremost, your business must identify its weakest points in order to understand where there might be shortcomings. To achieve this, a business must assess who has access to what data and software, establish whether they need to have access to the elements of the business they do, and limit access if need be. This includes not just full-time employees but also remote workers, contractors, part-time staff and anybody who interacts with the systems that power your business. As a rule, the more people who have access to software or data, the broader your attack surface will be. There will be, unfortunately, more opportunities for a data breach, given that most threats originate from within.
Businesses at this stage must create concrete policies around password management. This is a key step in building a multi-layered cyber security strategy. To that end, tools such as those provided by Keeper Security are key to implementing a zero-trust and zero-knowledge approach. In addition to password management and security, this approach requires secrets management, privileged access management (PAM), remote infrastructure security and encrypted messaging. In practice, this translates into using a unique encryption and data segregation framework to protect against remote data breaches.
The zero-trust security model is centred around the principles of assuming a breach, verifying explicitly and ensuring least-privilege access. An affordable and easy-to-use enterprise password manager (EPM) allows organisations to implement zero-trust network access while slashing administrative overhead. This improves reliability and performance while boosting employee productivity. Administrators will get access to the tools they need to enforce robust password security, verify users and devices and manage role-based access controls alongside least-privilege access and other policies like multi-factor authentication (MFA).
Security for businesses of all sizes
Beyond EPM, Keeper Security offers a variety of products aimed at different-sized organisations, including Keeper Business and Keeper Enterprise, both of which apply least-privilege and zero-trust principles to password management. These foundational ideas form the basis of an essential identity access management (IAM) strategy.
Keeper Business provides businesses with complete visibility into employee password practices while giving them the tools to enforce company policies, monitor compliance and generate audit trails and reports. Keeper Enterprise, meanwhile, adds SSO support, SAML 2.0 authentication, automated team management, advanced MFA, alongside a host of advanced capabilities for larger businesses with hundreds of employees.
Keeper’s products, for which free trials and one-to-one demos are available, serve as a means to block some of the most common pathways to a data breach. You’ll be able to protect your organisation against a variety of threats, including those emanating from the dark web, while securely sharing passwords and applying information security best practice across your organisation’s data environment, regardless of its size or complexity.
Password protection is fundamental to creating a robust and holistic security strategy to keep your organisation safe from data breaches, ransomware and other password-related cyber attacks.
The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks
Business benefits and cost savings enabled by IBM Turbonomic Application Resource ManagementFree Download
The Total Economic Impact™ of IBM Watson Assistant
Cost savings and business benefits enabled by Watson AssistantFree Download
The field guide to application modernisation
Moving forward with your enterprise application portfolioFree Download
AI for customer service
Discover the industry-leading AI platform that customers and employees want to useFree Download