Guest post by ConsumersAdvocate.org
It’s the Little Things that Sting
Password proliferation is a common cause for complaint in the business world. One recent study found that the average business user has 191 passwords to keep track of. And that figure primarily reflects the “civilians” among us. IT and IT security professionals, who hold the keys to entire data kingdoms, may have thousands of passwords in their purview. And while many of the assets IT pros manage are larger in scope and more technically complex, experience teaches us that it’s often the tiny cracks that bring down a rock-solid security wall. Some 80% of data breaches can be traced back to stolen or weak passwords.
Does PCI Compliance Equal Safety?
When it comes to passwords, PCI DSS guidelines might not be enough to protect your business. Frankly, in the face of the sizable risk businesses assume when they accept electronic payments, some of the advice offered by PCI itself seems rather quaint: “Treat your passwords like a toothbrush. Don’t let anyone else use them and get new ones every three months.”
Prudent businesses—like yours—may want to do a little more to protect themselves and their customers. Globally, the average data breach costs $3.92 million dollars. And that figure doesn’t account for the goodwill lost when customers hold businesses accountable for allowing their data to fall into the wrong hands. Taking steps beyond those mandated by the PCI Council can offer your business the greater security it needs.
Password Managers Can Mitigate Risk
Password managers do automatically what humans struggle mightily with. They generate, remember, retrieve, and even accurately type complex strings of unrelated, unintelligible characters—in other words, strong passwords. And they have an endless capacity to do so.
Ideally, every customer of every retail store, bank, or credit card company on the planet would use a password manager and we’d all be safer for it. That’s a lot to ask for. But if market data is any indication, the day might not be far off when password managers become part of every consumer’s digital lifestyle. The global password manager industry is expected to grow by 19.4% annually by 2025.
We can’t control what happens downstream, of course. But as business leaders, we can control what happens in our own little ponds. Beyond simply requiring employees to change their passwords periodically, some organizations are now mandating the use of password managers throughout their organizations. Choosing the right password protection product and providing effective training are two ways you can successfully add password managers to your security arsenal and protect your company and customers from costly, undue risk.
What to Look for in a Password Manager
You’ve likely tested hundreds of tech products and visited an enormous number of websites. You recognize the most effective password manager for your business is the one you and your employees find intuitive and easy to use.
The most secure password managers employ multi-factor authentication (MFA). That makes them a little more complicated to use since employees will also need to install an MFA application on their devices. To save steps without sacrificing security, some password managers simplify log-in by using biometric data like fingerprints or facial features to identify users.
Coronavirus Concerns: Your New Remote Workforce
Stay-at-home orders across the country are keeping people safe during the pandemic. But they’ve also created remote workforces where there were none before. IT security managers who previously had employees working offsite are confronting the issue of secure data transmission on a broader scale. And those who have never supported stay-at-home workers before are experiencing trial by dangerous fire.
Large organizations typically have a Virtual Private Network (VPN) in place and have trained employees to use it. If you’re new to managing a remote workforce, it may make sense to consider password manager products that offer VPN service as part of their packages. Some password manager companies also allow you to opt-in to a dark web monitoring program. Dark web monitoring won’t prevent a data breach but it can help you minimize your exposure when one occurs by quickly alerting you when your information has been compromised.
Making the Case for Heightened Security
Nothing raises the hackles of already-harried workers like changes they perceive as unnecessary, purely administrative, and unduly complex. So it’s critical to educate employees about the economic implications of a data breach. Not to put too fine a point on it, but data breaches can and do kill companies on a regular basis. Data protection becomes personal protection when viewed through that lens. And that makes it everyone’s job.
ConsumersAdvocate.org is committed to bringing millions of people honest, accurate, helpful and thorough reviews across a wide range of products and services. They adhere to principles of editorial independence that support their core mission of helping consumers make decisions easy, the smart way.