Password policies are just not enough to keep your business secure.

Do you have a password manager in place? As cybersecurity threats and attacks continue to soar, you NEED a password manager to keep your small or medium business safe. The reasons to implement a password manager have grown far past 68 million to over a billion: 3.2 billion reasons, to be precise.

3.2 billion is the total number of unique pairs of cleartext emails and passwords that were leaked in what is being called the biggest breach of all time and the mother of all breaches, COMB, aka the Compilation of Many Breaches.


Then there was the breach of more than 500,000 Zoom accounts. These accounts were listed for sale in dark web hacker forums, according to dashlane.com. What makes the Zoom incident particularly scary is that the service is used by the influx of employees who have recently started working from home.

U.S. employees who are now working remotely are using new ways to communicate, get their work done, and protect themselves. These practices have never been so widely used before now. Tools for videoconferencing, VPNs, anti-malware protection, and password managers are just common practice for businesses working remotely.

However, just 45% of businesses say they have taken steps to protect information stored on employees’ phones and devices, according to Dashlane. With most employees working off their home Wi-Fi, using personal devices, etc., business owners need to know the MOST important way the whole team can protect the business.

Even The Best Employees Can Cause The Biggest Problems  

Most employees don’t set out to intentionally put their company at risk. They do so unwittingly by clicking phishing lures, using weak passwords, or accidentally leaking logins.

Password overload is one explanation for weak passwords. Employees typically have dozens of passwords to keep track of. To simplify the process, they often favor passwords like 123456, qwerty, and even password.

You’d think that strict password policies would eliminate the use of these types of credentials. The trouble is that policies are often not closely monitored or enforced. Consider that though 67% of companies have a password policy for employees, only 34% say they strictly enforce it. In fact, 59% of companies say their #1 password-management technique is human memory, followed by sticky notes at 42%.

Making matters worse, employees often reuse these ineffective passwords across multiple accounts, both business and personal. In the workplace, users recycle passwords across an average of 16 business accounts. They also share passwords at work with team members using insecure methods such as Slack and email.

Another common faux pas: People often scribble passwords on sticky notes, then attach them to their laptop or monitor. That could be riskier than you think—just ask Lisa Kudrow. The Friends actress posted a photo on Instagram of her computer monitor, which included a sticky note with her password clearly legible.

Why your password policies alone aren’t doing the job 

A basic tenet of password management is that employees should change passwords on a regular basis. About two-thirds (67%) of companies use periodic password changes to enhance security. But employees may balk at having to change passwords across dozens of accounts.

In fact, frequent password changes can incentivize employees to create weaker passwords or make minor tweaks to previous credentials. If you are overly strict about password changes or require them too frequently, you could be doing more harm than good. The solution? A business password manager with SSO that gives you unsurpassed security and insight, without requiring frequent employee password changes.