By Chris Corde, Director of Products for LogMeIn’s IT Management portfolio
The cloud has provided tremendous benefits for small businesses. Technology that used to be complex, expensive and perhaps unattainable for smaller organisations is now just a few clicks away. Today, just about everything we need to do is available as a cloud offering, so small businesses can have access to the world’s best technology faster than ever before. With that, we are putting some of our most valuable intellectual property into the cloud.
With all this convenience comes risk. With the use of a large number of 3rd party services, the enterprise landscape is far more complex. Corporate assets are now available from anywhere, with only a password protecting access to them. We have all read about the recent hacks – from iCloud to Sony.
It’s enough to cause any small business owner some sleepless nights. Each application that is rolled out to the team provides a great service – but with every addition is added complexity, and a new potential vulnerability, since the use of cloud leads to a reliance on individuals to create and use strong passwords. Fact is - a chain is only as strong as its weakest link, and often you, I and our co-workers are that weak link, due to our atrocious password habits.
Your password is the key to the lock, and the more services we use to run our business the more it becomes completely unmanageable to have complex passwords. By using weak passwords like “123456” or “password” we are essentially leaving the door unlocked. To make matters worse, we then use the same weak passwords across all of the sites and services we use.
That’s bad enough when it comes to personal use, like your Facebook and Netflix accounts. But for business services the danger grows. All of your accounting files, confidential client data, business plans, privileged emails and credit card information can be exposed if a hacker chooses to target your business.
Proper access must also be maintained. You have multiple employees who must have access to these services in order to do their job. Employees and contractors come and go for all sorts of reasons. When you hire someone new, they need to be given access quickly and efficiently. When someone leaves, they should no longer have access to any of these services.
What’s a small business owner to do?
Start with this list:
1.) Use a password management tool designed for business and teams
The easiest method to have a separate password for everything is by using a password manager. Use a password vault to ease the burden of password management and encourage strong passwords (made up of numbers, letters, and symbols) that don’t have to be committed to memory.
2.) Make sure shared accounts are only managed by one administrator and not everyone on the team or in the company.
There are legitimate reasons to share accounts in businesses. Teams often share these passwords over email, instant message tools or other non-secure ways. Password vaults that are designed for business and team use – mitigate risks by allowing you to share access without sharing passwords.
3.) Use tools to provision access to new employees that need them and revoke access from those that are no longer with the company.
A good team management tool provides centralised account management across various different applications. Team accounts can be managed so that an administrator can enable or disable user access to apps centrally when someone joins or leaves the company.
4.) Use multi-factor authentication
Multi-factor authentication requires something in addition to the user name and password to access an account. After the password is entered, the user might receive a text message to their phone with another code that has to be entered. This ensures that if a password is stolen, a hacker still has a second roadblock that prevents access to your accounts.
5.) Make good password habits
Employees want to do the right thing from a security perspective, but humans are always going to be the weakest link in the chain. It’s the human element that forces us to default to a simple password because there are too many to remember. Be sure to inform your employees of the risks of lazy password habits and remind them to take that extra step to keep their passwords secure.
All of this may seem a bit overwhelming. But it doesn’t have to be. By using the right tools and procedures, your business will be that much more secure and you’ll get a good night’s sleep.