by Brian Kelley
Worried about security in a highly-connected IT environment? Get a password manager. You’d be hard-pressed to find better advice anywhere else because managing credentials is not a set-and-forget practice, and it never will be.
Stolen passwords are the leading cause of hacks and are rising quickly. In 2016, 81% of all hacks are from compromised credentials, which is a drastic increase from 63% in 2015. You could start considering usernames and passwords to be dormant weapons that criminals can use against you later.
It’s hard to fathom employees unknowingly letting intruders in, but that’s the state of cybersecurity today. Everyone associated with a vital account or service within a company is now an active target for anyone wanting to break in. The bottom line that all decision-makers have to face is risks and low costs. Compared to the alternative, credential management is a bargain.
And let’s face it: cutting costs wins out at the end of the day. It is cheaper by far to pay for a good security infrastructure now then pay (dearly) later. Whether you’re a small business or enterprise-level, even one breach from a lost password
So, here’s a list of eight problems that go away when credentials are properly stored and protected.
1) Bankruptcy — At least from hacking and intrusions
The average cost to cover the damage of a breach is $3.8 million. When credential management drastically reduces the chances of hacking in the first place, it also increases your company surviving for a few years.
2) Email spoofing
Managing credentials puts a stop to phishing emails (fake email designed to steal credentials) 30% of these forgeries get opened, which is running a high risk that someone will slip up sooner or later. Managing credentials means it’s less likely an employee will give them up to unusual credential requests.
3) Manual credential resets
Humans shouldn’t be in charge of making credentials, and it’s an easily automated process anyway. Might as well make it impossible to guess, and improbable to crack.
4) Unsafe password sharing
Don’t ever share passwords with anyone used to be how secrets stayed secret. That’s hard to pull off in business these days, so giving login info to trusted associates, through a password manager, encrypted email, or another controlled method, is the only safe way to do it.
5) Not worrying about an unknown breach
Controlling credentials means you’ll know about security leaks when unusual login activity occurs
Any management software worth its salt will be able to grant administrative access and monitoring to who’s logging in and when. It’s a built-in red flag.
6) Employees can bring their device (BYOD) to work without fear
The fear, in this case, is outside devices bringing who knows what into the work place. Accessing business data through personal devices is more productive, but also a higher liability. Managing credentials properly is the answer to this potential security gap.
7) Help desk costs
Your IT professional doesn’t want to fix your password problems any more than you do. All the more reason to have an automated credential management system that allows reasonable administrative access.
8) Grow and diversify without worrying about the security of third-party apps and services
Online presence requires using more and more cloud-based services and apps to enhance your business. You can’t always count on their cyber-defenses, so at the very least, the credentials you use with them must be as secure as possible.
You don’t have to have username/password-style credentials if you want to survive and thrive in today’s business landscape. There are a lot of ways — security tokens for example — you can use to sign on instead. But we have a long way to go before mainstream apps or services adopt password-less credentials like these. Until that happens, managing them is crucial to any business wanting to avoid the worst case scenario.
