In a business environment, duties and data is shared. As such, employees require access to the multiple platforms, programs, and databases. Subsequently, each account requires unique credentials that must either be assigned or shared. Both in the case of assignment and sharing, credentials are often insecurely provided using methods such as email, SMS, sticky notes, or IM. In addition, in cases of employee turnover, system passwords must be updated often causing a halt in productivity until such updates are completed.
According to a report by the U.S’ National Cyber Security Alliance, 60% of small businesses collapse within six months of a security breach.2 In addition, the Verizon 2017 Data Breach Investigations Report (DBIR) found that sixty-one percent of the data breach victims were organizations with under 1,000 employees.3 These statistics are unsurprising, however, as small businesses often lack the bandwidth and financial resources required for cybersecurity.
While hindsight is 20/20, management must focus on preventing threats rather than mitigating damage; apathy in the present can easily translate to future calls of ‘company negligence.’ As with most policies, cybersecurity must be employee-centric. All too often there is a tendency to move towards third party and cloud-based solutions, while neglecting the reality that each of these tools (however useful they may be) expand exposure, giving hackers additional opportunities for exploitation. Companies must understand that third parties and cloud-based solutions will not resolve insecurities resulting from internal credential sharing.
Hackers often do not need to employ highly sophisticated tactics or find secret backdoors as access can effectively be gained through simple social engineering such as phishing attacks. According to the same Verizon 2017 report, eighty-one percent of hacking-related breaches used either stolen or weak passwords. Two of the largest data breaches reported to date, Home Depot and eBay in 2014, were a result of stolen login credentials.
RoboForm for Business is a safe, simple, and affordable password management solution. The secure password sharing mechanism is based on a public-private key exchange, allowing company admins to share logins with individuals or groups of employees without compromising security. Admins can create an unlimited number of custom defined sharing groups with unique permission levels for each user. Logins can then be deployed without ever revealing their associated passwords, while users maintain the ability to quickly and efficiently log in to sites with a single click. Once an employee leaves the company or simply no longer requires access to a given platform or program, the admin can quickly delete or suspend the employee’s RoboForm account, or just remove them from the associated sharing group. Such action is not only secure and effective, but also efficient and fiscally conservative. Help Desk requests for password resets cost time and money, redirecting resources from larger projects to time consuming administrative tasks.
Prevention, by nature, is offensive. Cybersecurity requires an upfront investment, but the investment needn’t be dramatic. Leadership must implement easy and effective cybersecurity policies and procedures, proactively sharing the responsibility of protecting a company’s well-being. Small actions can produce dramatic results. Companies can and should invest in the security of their future with the simple and seamless integration of RoboForm for Business. Take the first step and sign up for your free 14-day trial today.
Sources:
-
https://www.infosecurity-magazine.com/next-gen-infosec/lax-online-security-can-destroy/
-
https://hbr.org/2017/05/the-best-cybersecurity-investment-you-can-make-is-better-training?utm_campaign=crowdfire&utm_content=crowdfire&utm_medium=social&utm_source=twitter#227423290-tw#1495049348665
-
https://healthitsecurity.com/news/verizon-finds-phishing-attacks-malware-top-data-breach-causes