Password management gets cloudy for SMBs

Small to medium-sized businesses (SMBs) are increasingly moving their work tools to the cloud. On top of that, the line between personal and professional technology continues to blur as more employees opt to bring their own preferred apps into the workplace.

Despite the obvious cost savings and productivity gains from migrating tools to the cloud, the result is a logistical nightmare for business administrators who now have to manage a smorgasbord of application identities & passwords.

Add to that the poor password hygiene of a large segment of the population, and you’ve got gaping security holes that excite even the most novice of hackers.

The ability to work anytime, anywhere and on any device has become a mantra for the modern day professional, and it’s in large part driving the business embrace of the cloud.

According to recent research from Enterprise Strategy Group and LogMeIn, nearly three-quarters of knowledge workers – those who handle information – say mobility is critical or important to doing their jobs productively, with 70 per cent working outside an office environment at least a few days a week. Yet 60 per cent of SMBs have no policies in place to address the rise of cloud apps in the workplace.

The ongoing password saga

While password management is not a new challenge for SMBs, it’s one that’s become far more complex given that on average individuals maintain passwords for more than 25 web apps they use for work. And the stakes for SMBs are higher than ever, as nearly 80 per cent of cloud apps and services contain sensitive, regulated or company confidential data.

All it takes is one data breach to cripple a company – Gartner estimates that only 6 per cent of businesses emerge from a breach unscathed, with 43 per cent going out of business altogether.

While it may seem that maintaining good, unique passwords is a productivity killer, there are a few ways SMBs can make it easier for their employees to clean up their dirty password habits.

  1. Avoid the popular group. It’s shocking how often this bears repeating, but SMBs should never, under any circumstance, use easy-to-guess passwords to protect critical information. The most popular passwords in 2014 were ‘password’ and ‘123456.’ Passwords should be a combination of upper and lower case letters, numbers and symbols.
  2. Store passwords in a vault. If you can remember the usernames and passwords of every application you have, you either have a photographic memory or you’re using the same credentials for each one. Since each application should have a unique password, a password vault will ease the management burden and encourage strong passwords that don’t have to be committed to memory.
  3. Deploy an employee access/identity management solution. Not only do password vaults help employees stay on top of their passwords, but they can be designed for business use, as well. SMBs can manage team access so employees that join the company can be granted quick access – or remove those who leave without hassle – and allow for account sharing without sharing the password itself.
  4. Use two-factor authentication. Adding an extra layer of security via two-factor authentication will make it harder for a hacker to compromise a password, especially when triggered by users exhibiting suspicious behaviour, such as switching browsers or location.

When it comes to securing corporate data in the cloud, there is no silver bullet solution. However, humans will always be the weakest link in the chain, so encouraging better password hygiene, both at the employee and IT level, is a good place to start mitigating risks.

It’s time to make password management a priority to keep the business and your customers safe.

Boris Jabes, Senior Director of Product Management at LogMeIn