Cybersecurity Awareness Month – Password Costs to Productivity and Cybersecurity

The Heavy Cost of Passwords

Employees without a password manager struggle with passwords for more than 11 hours each year.  That’s a heavy burden on businesses.  Investing in a simple solution like a Password Manager can not only improve your password productivity, but your cybersecurity in dramatic ways as well.  

Let’s say an employee clicks on a phishing link to a Linked-In Reference from a former colleague.  No password manager means the hacker will steal their LinkedIn credentials and then mine the account for all its worth when they attempt to log into the fake Linked-In website.  Now, a Password Manager would not allow this because it would refuse to give up the Linked In credentials on an imposter website.  Big win for security.

The benefits go far beyond that though.  Another common risk is credentials stolen from an online website. No Password Manager means most of your employees will be using identical credentials from the online website breach for accessing your company systems and data.  All a hacker has to do is attempt a few accounts and voila, they will be in.  Now, a Password Manager would, over time, allow employees to set long and unique passwords on each and every account preventing this type of attack from working.

Most importantly, to your business anyways, is the time savings of automating all the password headaches that exist today in a simple to use solution called a Password Manager.  Consider signing up with CyberHoot to learn all about password costs, Password Manager benefits and all of the cybersecurity best practices listed below.

CyberHoot Best practices:

1. Train your employees on the common attacks that are out there.  From weak passwords and password managers, to the importance of multi-factor authentication and how to spot phishing attacks.  Awareness is the key to defending your business.
2. Govern you employees with cybersecurity policies including Acceptable Use, Password, Information Handling and a Written Information Security Policy.
3. Establish cybersecurity best practice processes such as a Vulnerability Alert Management Process (VAMP) and a Cybersecurity Incident Management Process (CIMP) to guide and require action in the face of an emergency.  Then move on onboarding and offboarding processes, SaaS management processes, and 3rd party risk management.
4. Establish strong technical protections including: a Firewall, antivirus, anti-malware, anti-spam, multi-factor authentication on all critical accounts,  Enable full disk encryption, manage the keys carefully, and most importantly, adopt, train on and require all employees to use a Password Manager.
5. Test employees on how to spot and avoid phishing attacks.  CyberHoot has released a disruptive method of Phish Testing the fills in gaps in your employees knowledge without punishing them for failure.  Instead we reward them for success.  More info is available here.
6. Backup your data by following our 3-2-1 Backup methodology to ensure you can recover your business from a cybersecurity event.
7. In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections) or prohibiting their use entirely.
8. If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
9. Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.

CyberHoot believes that for many small to medium sized businesses and MSPs, you can greatly improve your defenses and chances of not becoming another victim of cyberattack if you follow the advice above.