Secure Password Management in Companies
The problem: Companies treat their passwords much too carelessly
According to a 2010 Forsa survey published by ISACA in the UK in 2013, 49.7% of respondents were using the same 2 or 3 passwords across multiple accounts/websites. For companies in particular, those numbers should be alarming, since confidential business and customer data, as well as sales-critical assets such as the company website, can be compromised. For example, if an employee leaves the company and the passwords are not changed afterwards, they can still - theoretically - access all the accounts. In the worst case, there is even a default password for logins used by several members of a team. This may sound logical, because companies usually own dozens of logins and accounts. But in terms of company data security, this is a real catastrophe.
But: Many companies simply don't think enough about password management or believe it is too time-consuming to take appropriate measures. Even if employees leave the company on bad terms, this often does not lead to important logins being changed centrally. Password policies that would instruct employees to select passwords with a minimum level of security do not exist or are not enforced.
Furthermore, it is accepted that people use the same passwords for private and business accounts. Passwords for common accounts are sent unencrypted via e-mail or via messengers like Skype to others. Password lists are created in common folders on company servers or, for example, in Google Drive - often unencrypted as well! It seems as if companies simply hope that they will get off the hook lightly. But it is easily possible to manage passwords in teams securely and efficiently.
The solution: How to get password management in companies right
Companies which take password security seriously should set the following items on their agenda:
Sensitize and inform employees
It is important that all employees in the company know why weak and reused passwords are a threat to data security. Depending on the company size, a guide for dealing with passwords should be created, and employees should be informed in meetings or even receive dedicated training.
Provide a contact person
Every company should designate and announce at least one person whom employees can contact with questions or problems concerning password protection and data security.
Set and enforce policies for secure passwords
To help you build strong passwords in terms of length and complexity, check out our tips for creating strong passwords. It is important for companies to set and communicate cross-company policies. For example, such a policy might require passwords to be at least 12 characters long and contain lowercase letters, uppercase letters, and a number. Very important: Check that your employees comply with the guidelines.
Set and enforce policies for changing passwords
Passwords should be changed regularly. Depending on their importance, this could be every month or once a year. Appropriate policies should be created as well to guide the employees. This is especially important when employees leave the company. All accounts to which they had access should get a new password as soon as possible.
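The two rotation rules above can be checked automatically against an account inventory. The following is an added example, not part of the original article or of Password Depot; the inventory format, the tier names and the 30/365-day limits are assumptions, and all sample data is constructed.

```python
from datetime import date, timedelta

# Maximum password age per importance tier (assumed values; the article only
# gives "every month" to "once a year" as the range).
MAX_AGE = {"critical": timedelta(days=30), "standard": timedelta(days=365)}

# Constructed sample inventory of shared company accounts.
ACCOUNTS = [
    {"name": "website-cms", "tier": "critical",
     "last_changed": date(2024, 6, 3), "users": {"alice", "bob"}},
    {"name": "newsletter-tool", "tier": "standard",
     "last_changed": date(2024, 5, 25), "users": {"bob", "carol"}},
    {"name": "domain-registrar", "tier": "critical",
     "last_changed": date(2024, 3, 1), "users": {"carol"}},
    {"name": "stock-photos", "tier": "standard",
     "last_changed": date(2023, 12, 1), "users": {"alice"}},
]

# Constructed offboarding list: user -> last working day.
DEPARTED = {"bob": date(2024, 5, 31)}


def rotation_findings(accounts, departed, today):
    """Return {account name: [reasons]} for every account needing a new password."""
    findings = {}
    for acct in accounts:
        reasons = []
        # A rotation only counts if it happened after the leaver's last day;
        # a change made while they still had access does not lock them out.
        for user in sorted(acct["users"].intersection(departed)):
            if acct["last_changed"] <= departed[user]:
                reasons.append(f"not changed since {user} left on {departed[user]}")
        age = today - acct["last_changed"]
        limit = MAX_AGE[acct["tier"]]
        if age > limit:
            reasons.append(f"password is {age.days} days old, limit is {limit.days}")
        if reasons:
            findings[acct["name"]] = reasons
    return findings


if __name__ == "__main__":
    report = rotation_findings(ACCOUNTS, DEPARTED, date(2024, 6, 10))
    for name, reasons in report.items():
        print(name, "->", "; ".join(reasons))
```

Note that the newsletter account is flagged even though its password is only 16 days old: the change predates the departure, so the former employee still knows it.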
Increase productivity
In the end, security should not decrease the productivity of your employees. Instead of sending out reminders manually or changing passwords yourself and sending them to everyone, you should make work as easy as possible for them, especially if you consider how many accounts and passwords are usually company-owned. Otherwise, your employees will spend a lot of time changing passwords or trying to remember them or - even worse - writing them down on Post-its and sticking them to the monitor. Alternatively, they might search for workarounds to bypass your policies. Instead, you should provide your employees with easy-to-use password tools which can do most of the work for them.
Password management in companies with Password Depot Server
With Password Depot Server, all your password files will be stored encrypted and centrally on a company server. All employees access and use passwords according to the rights they were given via an easy-to-use user interface (Password Depot Client). The only thing they will need to remember is their personal master password. Because of this central management, it is much easier to change passwords for everyone, to define password policies and enforce them. In addition, it is no longer necessary to search for the latest version of a password in e-mails or on the server.
If an employee leaves the company, an administrator can block their access via the control panel and change the passwords to which they had access. The other employees don't even need to be informed about it: They can always access the latest version of a password and can continue working without interruptions.
The comprehensive encryption of all data and the fine-grained assignment of rights increase security: You can define for every user individually which changes they can make in which file and which options they have to export or print passwords, for example.
Conclusion: Using Password Depot Server in your company will not only increase security greatly, but also productivity. Changes to access data no longer have to be communicated via e-mail. All login data can be managed in a central and well-structured way.