Wednesday, April 15, 2020
Using SaaS for businesses large and small is simply a fact of life today. Even Photoshop these days is a SaaS product and requires login credentials. A business can quickly find themselves having to create and manage 20-30 or more passwords for different SaaS products and services. If they do a poor job at this they can become more vulnerable to hackers.
The first problem is the employee or business owner is likely to use a password they've used before, maybe even the same password used to access critical data in your network. It's also likely not a very strong password containing different characters and numbers since most people opt for an 'easy to remember' password. These can easily be brute forced using software that can guess 100s of passwords per second.
The second problem they make is with secure storage. I've seen countless businesses write their passwords on sticky notes that are clearly visible to the public or they store them on a computer without proper threat detection or antivirus software in an unencrypted notepad document.
These problems are made worse now that office workers around the world have been sent home to work remotely. How secure is their physical workspace? How secure is their home work computer? There's a lot more unknowns now for a company that didn't have proper policies in place regarding password management before everyone was sent home to work. Which is why it's more important than ever for you to get your act together with regards to password management.
So how should you create and securely store your passwords? Should you use a cloud-based password manager?
Cloud-based password managers have become very popular these days simply due to their ease of use. They'll usually work along with a custom browser extension that will autogenerate new secure passwords, encrypt them and store them in their servers.
The problem with these is passwords are stored in the 'cloud' and not on the local computer, we do NOT recommend it. You have no control over that company and what they're doing for security, which makes you vulnerable. If they get hacked, all of your passwords are in the hands of the hackers. They have the "keys to your kingdom" now and you may not even know about it.
Your password management solution should be inside your security environment, not in the open cloud. There's a lot of potential solutions to securely manage your passwords in your local environment, the right one depends on your specific needs.
If you're on a budget, a quick and easy solution can be to encrypt an excel spreadsheet that contains your passwords. This doesn't give you as much functionality as dedicated password management software but it's better than sticky notes and an unprotected notepad document.
It's also crucial that you have proper cyber threat detection, anti-virus and anti-malware software on your local computer network to help ensure your passwords and important data stay safe as well.
As always, if you need a helping hand don't hesitate to reach out to us.
Continū helps asset owners act on the knowledge that their data is at risk right now and is only as secure as their ability to detect and respond to all threats.
