Protecting your keys to the kingdom is actually really easy.

Password security stands as a bulwark against cyber-attacks, particularly for small businesses. While larger corporations often dominate headlines when it comes to cybersecurity breaches, small businesses are not immune to the dangers posed by weak password practices. Despite the prevailing notion that small businesses may fly under the radar of cybercriminals, the reality tells a different story. In fact, small businesses are increasingly becoming prime targets for cyber-attacks due to their typically less fortified defenses compared to larger enterprises.

One of the most prevalent vulnerabilities lies in the use of weak passwords. These are akin to locking the front door of your business with a blank key, inviting malicious actors to exploit vulnerabilities and gain unauthorized access. Breaches stemming from weak passwords can result in dire consequences such as data loss, financial loss, and significant damage to reputation.

Implementing Password Policies for Employees

Small business owners should establish clear and comprehensive password policies to govern the creation, management, and use of passwords by employees. These policies serve as guidelines to promote consistent password practices across the organization and minimize the risk of security incidents due to human error or negligence.

In addition to encouraging the use of strong, unique passwords, password policies should also incorporate the National Institute of Standards and Technology’s (NIST) recommendations for limiting the number of password attempts. By capping the number of login attempts, businesses can thwart brute-force attacks and prevent unauthorized access to sensitive accounts. Moreover, implementing a delay or lockout mechanism after multiple failed login attempts adds an extra layer of security, discouraging malicious actors from persistently guessing passwords.

Importance of Strong, Unique Passwords

New NIST password guidelines say that overall length of a password is more important than mere complexity when designing a password. Paradoxically, using complex passwords (adding special characters, uppercase letters, lowercase letters, and numbers) may make it easier for brute force attacks to compromise your passwords, and this mostly has to do with user behavior which tends to re-use slightly modified or simplified passwords. An example of this would be the user adding sequential numbers to the end of their password choices. Although NIST suggests a minimum of eight characters, generally the longer the password, the more difficult it is to compromise.

But there is some good news!

Furthermore, NIST’s guidelines suggest moving away from frequent password changes unless there’s a specific reason to do so. The old practice of regularly switching passwords has been found to cause frustration among users, often leading to the selection of easy to remember and simplified passwords. Instead, periodic password resets should occur only in response to a user’s request or if there’s evidence of a potential security compromise.

And even better news!

While managing a multitude of strong, unique passwords across various accounts and platforms can quickly become overwhelming when you do it manually, password managers have emerged as indispensable tools for small businesses seeking to streamline password management while enhancing security.

Password managers provide a centralized platform for securely storing, organizing, and auto filling passwords across different devices and applications. They employ encryption techniques to safeguard sensitive credentials, ensuring that only authorized users can access them. Additionally, password managers often offer features such as password generation, password strength assessment, and secure sharing capabilities, further enhancing password security and efficiency. By employing a password management system, a firm’s users will be effectively only required to memorize one master password for their account. And the password manager will keep all the unique passwords secure but easily accessible.

Small business owners are encouraged to invest in reputable password manager solutions and encourage their employees to utilize them for managing business-related passwords.¹ By leveraging password managers, businesses can mitigate the risks associated with weak passwords, reduce the burden of password management, and fortify their defenses against cyber threats.

BitWarden

https://bitwarden.com/products/business/

Bitwarden is a password manager that secures your passwords, passkeys, and sensitive information with end-to-end encryption and cross-platform accessibility. You can choose from different plans and pricing options for individuals and businesses, and enjoy features like Bitwarden Send, File Attachments, and Security Reports.

Buttercup

https://buttercup.pw/

Buttercup is a free and open-source password manager that uses 256-bit AES encryption to store and protect your login details under a single master password. With Buttercup, you can download and use the software on desktop, mobile, and as a browser extension. It ensures your credentials are secure and accessible across all your devices.

VaultWarden

https://github.com/dani-garcia/vaultwarden

Vaultwarden is an open-source, community-driven password manager that secures your passwords, passkeys, and sensitive information. It serves as an unofficial, self-hosted alternative to the renowned Bitwarden Password Manager. With Vaultwarden, you can easily manage your credentials across devices, ensuring security and accessibility wherever you go.

If you would like more information about why these are the three on my list, why they’re all open source, or just how to get started, reach out today! I have been providing IT leadership to small businesses for over 20 years, and I would love to hear from you. I can offer you a free consultation, where we can discuss your challenges, goals, and options. Together, we can find the best way to use technology to make certain your business stays secure.

References:

• NIST’s New Password Rule Book
• NIST Special Publication 800-63B - Digital Identity Guidelines

Cover Photo by Jason Dent on Unsplash

Inline Photo by Matthew Henry on Unsplash