How many employees do you have who keep your company’s passwords on sticky notes stuck to their monitors? This simple, seemingly benign trick could be putting your business at risk. After all, if you can see the password on a sticky note, so too can others who happen to be wandering around the office—including potential threat actors.
This System is Putting Your Business at Risk
If your employees have to resort to sticky notes in the first place, this is a symptom of a failure in your password policy. The good news is that you can actually do something about this.
Why Employees Write Down Passwords
The big reason why employees write down passwords is because it’s more convenient than the alternatives you’ve provided, plain and simple.
You might want your team to use complex passwords, but if they have no way of keeping track of complex passwords for their multitude of accounts, it’s no wonder they’ll resort to a shortcut. The problem is that the shortcut they’re most familiar with is not secure for your business, and you’ve made the employee accept the lesser of two evils. They either suffer while trying to remember impossible passwords, or they take a little risk.
Convenience will always triumph over security… That is, unless you make security convenient.
The Password Reuse Problem
Password reuse is also a serious contender for “worst password problem” out there. If people reuse passwords for multiple accounts, it just creates more trouble when one leak happens. It suddenly puts all other apps and services that use that password at risk, including banking websites, social media accounts, or even your company’s network.
How These Hacks Happen
These hacks occur when a single hack occurs—perhaps even for a single, unimportant website or app—but the fallout is considerably worse.
If the hacker has stolen a bunch of passwords and usernames, they can then use a script to try these login credentials elsewhere. They might try to infiltrate your company network, email, or software. The worst part is that they might even gain access. Effortlessly.
And that’s just the beginning.
The Solution
We know at Directive that you can’t just blame the team for breaches, but what you can do is address their collective lack of knowledge about network security and password best practices. The trick is to empower them in the following ways:
Implement a Password Manager
The password manager addresses the problem that created all those sticky notes in the first place. You can generate strong passwords and store them in a secure vault for later use. These passwords are practically unhackable due to their complexity, and the password manager auto-populates them when needed.
Deploy Multi-Factor Authentication
Multi-factor authentication, or MFA, is another tool that stops most attacks dead in their tracks. If a hacker manages to steal a password, they won’t be able to log in without a secondary credential, like a one-time code sent to the user’s phone or a dedicated MFA app. This effectively eliminates the possibility of a stolen password leading to a breach of security.
If you find your business needs a hand with password management and the troubles it can bring, don’t wait any longer. Let Directive support your business’ efforts. Learn more by calling us at (607) 433-2200 today.
Comments