Password Process for Small Businesses


Creating good cyber habits is essential to staying safe online. According to a Verizon Data Breach Report, 81% of cyber hacks are due to weak or stolen passwords. Weak or stolen passwords, in turn, are typically due to complacency or lack of awareness on the part of an organization’s employees. As a business owner, it’s of paramount importance to instill password-security best practices and explain the importance of passwords and cybersecurity to your employees. The main point here is that cybersecurity must always start with password security.

The smaller your business, the easier it is for one hack to put you out of business. According to a 2017 study by the Ponemon Institute and IBM, the average cost of a data breach is $3.6 million, or $141 per data record stolen. As business leaders and fiduciaries, it’s incumbent upon all of us to take the necessary measures to protect company and stakeholder information, and that starts with implementing strong password security and controls. Most people are aware that you should use strong, unique passwords for every website, application and system. The problem is that many businesses aren’t aware that solutions, like password management applications, exist for this purpose.

Create Strong Passwords

Passwords are the single easiest entry point you can protect. There are a few basics to keep in mind when creating passwords for personal and professional use. Length alone doesn’t necessarily make a password more secure. To be secure, it should be both long and random, meaning it should contain a combination of upper and lowercase letters, numbers and symbols. A password should be no less than 8 to 16 characters, and more can certainly be better. Some websites impose their own character-length requirements, so be cognizant of those when creating your passwords.

Never Reuse Passwords

More than 50% of all people use the same password for all their websites and applications. This is a common and very dangerous problem. Hackers keep dictionary lists of the most commonly used passwords. They also know that if they are successful in breaching a single account, they will often be able to access multiple accounts for the same person due to the high frequency of password reuse. So, the more you reuse passwords the easier it is for an attacker to gain access to every account that uses that same password.

Consider Using a Password Manager

A password management application will enable you to create unique, high-strength, randomly generated passwords for every website and application you use. Also, you don’t have to remember each individual password – just one master password. Password managers organize and maintain your passwords in a secure, encrypted digital vault. They also allow you to be faster online by autofilling your login credentials for you. With a password manager you can also mandate the use of two-factor authentication for an added layer of security.

Overall, you have to set the example from the top and treat cybersecurity as a priority. You also have to educate and train your employees to understand the importance of cybersecurity and protective tactics to avoid a data breach. If possible, enforce a password management policy and facilitate it by using a company-wide password manager. It’s one of the most potent and cost-effective solutions for securing and managing the passwords in your organization – this can prevent the most common data breaches. Once you’ve nailed down the basics of password security and effective password management, you can layer in additional cybersecurity technologies.


About Author

Darren Guccione is the CEO and co-founder of Keeper Security, Inc., the creator of Keeper, the world’s most popular password manager and secure digital vault and KeeperChat, the world’s most secure messaging app for all your devices. Prior to Keeper, Darren served as an advisor to NinthDecimal (f/k/a JiWire), the leading media and technology service provider for the Wi-Fi industry. And prior to that, Darren was the CFO and Co-founder of Apollo Solutions, Inc., which was acquired by CNET Networks (now CBS Interactive).
