Good password management is an essential for modern SME IT security.
Every reader will recognise the alarming rate at which passwords proliferate in their own life. From social media through to online banking, everything requires a password. Remembering them all is virtually impossible.
You will also have encountered the typical, common sense ‘golden rules’ about password safety:
- have a separate password for every single system and online service
- making these longer, hard to guess, and definitely avoiding the dog’s name
- varying lower and upper case letters, adding numbers, and symbols.
- never, ever, sticking them on your screen, popping a list in the drawer, or adding a nice easy-to-find note on their mobile phone.
And every reader will, hand on heart, know that they often break these golden rules.
Now multiply that up by 10, 50, or even 250 people in your SME business.
Your business is full of individuals who would never deliberately compromise your SME IT security – but, unless you help them, they may well do so.
Why SME IT security demands password manager software – and much more
SMEs around the world are not as cyber resilient as larger organisations. According to the World Economic Forum’s Global Cybersecurity Outlook 2024 report, the gap is widening in worrying ways.
Even as the cyber threats grow, half the smallest organisations they surveyed were unsure if they had the knowledge or skills to cope with increasing cyber security demands.
Consider this alongside the fact that SMEs are the least able to cope with the operational interruptions that can arise as the result of a cyber incident, nor their financial impacts.
Why are SMEs particularly vulnerable to password security problems?
SME businesses are typically run by an owner or a small management team. They have not yet reached the stage of hiring an experienced IT leader with cyber security experience. The days of having a CISO (Chief Information Security Officer) to manage SME IT security are years away.
Despite this, they experience these three things:
- Increasing user numbers: Keeping overheads low often means a higher proportion of fully virtual employees, complicated by the fact that SMEs are often in continual ‘recruitment’ mode. As every user arrives, they are given passwords – often several, since systems are not yet fully integrated. Many SMEs also lack mature onboarding processes and technology policies that help new staff know exactly what the expectations are about using and protecting IT systems, including password management.
- Multiple operational systems and software solutions: SMEs often have a large number of software applications and point solutions. As they have grown, they have brought in increasingly professional systems for key functions like HR, finance, and so on. These are not fully integrated or managed inside a single enterprise system with Single Sign-On – meaning every user of every system needs a password.
- Unlimited ‘extra’ software applications: What is called ‘shadow IT’ in larger organisations, when employees colour outside the lines on the systems they use, is much less obvious in a smaller one. SMEs are simply a little like the Wild West when it comes to software management – there are few controls to circumvent. When employees see a piece of software they think would be useful, they may simply buy and start using it. They may even use some of the handy integration so hook them to other systems, creating instant system and data risks.
These three things all contribute to a proliferation of passwords that put SME IT security in jeopardy. Unless, that is, they are carefully managed.
Enter the Password Manager.
What are password managers?
A password manager is a piece of software that is designed to store and manage passwords securely. They can generate strong, unique passwords for each of a users’ accounts and store them in an encrypted format.
This means that a user only needs to remember one Master password to access the password manager, which in turn holds the keys to all the other accounts.
It can be particularly powerful in combination with Multi Factor Authorisation for your SME, but is incredibly useful regardless.
How do password managers work?
Password managers operate by storing passwords in a secure, encrypted database. Here’s a basic overview of how they work:
- Password generation: Many password managers can create complex, random passwords for accounts, ensuring they are unique and almost impossible to guess. The longer a password is, the greater the time it would take to crack, even by sophisticated hackers. A few years ago, 8 characters was enough. Today, 12 is a minimum and 16 characters even better.
- Storage: These passwords are stored in an encrypted electronic vault. The encryption is strong enough that even if someone were to access the database, they would not be able to decrypt the individual passwords without the Master password.
- Autofill: A password manager can automatically fill in a username and password when a particular website is visited. That saves the user from having to copy and paste, or type them in. There’s less need to look them up even in the password manager (and definitely no excuse for writing them down anywhere else).
- Synchronisation: Password managers can sync a password vault across multiple devices, so users have access to their passwords whether working on a PC in the office, at home on a laptop, or accessing information from their phone or tablet.
- Security audits: Some password managers provide security reports, highlighting dark web compromises, weak, reused, or old passwords that need to be changed. I
Why your employees need a password manager
- Enhanced Security: Using a password manager ensures that each of a user’s accounts has a unique, strong password. Even if one password is breached, it reduces the risk of multiple accounts being compromised.
- Convenience: With a password manager, users only need to remember one Master password. This simplifies the process of logging into different accounts as well as managing multiple passwords.
- Protection Against Phishing: Many password managers can also recognise phishing sites and will not autofill credentials if the website URL does not match the one stored in the manager.
- Time Saving: Autofill features save you time by entering login details automatically.
One important thing you can do is organise cyber security awareness training for SME staff.
Another is implementing a password manager solution across your SME. This enables the company to not only improve SME IT security at a single step, but also brings some additional benefits. With a company password manager, you can also:
- manage the distribution of new user passwords – many password managers will integrate with existing systems for user access
- enable secure password sharing and transfer between team members, either for using shared accounts (such as social media logins) or if a manager wants to enable a team member to use a new application
- encourage a cyber aware culture, including positive password management behaviours
While password managers significantly enhance your SME IT security, it’s also essential to follow a few other best practices to maximise your online protection:
- Enable Multi-Factor Authentication (MFA): Wherever possible, enable MFA across shared software systems. This adds an extra layer of security by requiring a second form of verification, such as a text message or an authentication app.
- Remind users to regularly update passwords: Get into the habit of encouraging users to change passwords periodically and update any passwords that are old, weak or reused.
- Encourage a strong Master password: Make sure that users create robust and memorable Master passwords. Consider using a passphrase—a sequence of random words or a sentence that is easy for you to remember but hard for others to guess.
In a world where cyber threats are ever-increasing, a password manager is an essential tool for maintaining SME IT security and protecting both companies and individuals.
It simplifies the management of multiple passwords, ensures they are strong and unique, and enhances your overall digital safety.
By combining the use of a password manager with best practices like enabling MFA and being vigilant about phishing attacks, you can significantly reduce your risks. Along with all the potential downtime, reputation risks, and costs that come with any cyber incident.
Can we help? Implementing secure systems and behaviours are part of what we do through our managed IT services.
Book a chat today
