How to incorporate password protection into your wider security strategy


The spectre of security breaches continues to plague businesses well into this year, with the latest edition of the government’s Cyber Security Breaches Survey serving as a stark reminder of the threat both enterprises and small- and medium-sized businesses (SMBs) face. Of the organisations reporting cyber attacks, 31% estimate they were attacked on average once a week, while one in five reported a negative outcome as a direct consequence of a cyber attack.

In today’s climate, it’s more important than ever for SMBs and larger enterprises to solidify a comprehensive and broad cyber security strategy. This spans hardening the network infrastructure against infiltration, implementing firewalls and securing endpoint devices. One aspect of a business’s security strategy that’s frequently taken for granted, however, is password security. It is a common pain point precisely because it seems relatively straightforward to get right, which makes it easy to overlook.

Plugging the gaps

Indeed, according to Verizon’s latest data breach report, 81% of hacking-related breaches exploited stolen and/or weak employee passwords. Password hygiene is a major issue across society – not just in the business world – with some of the most common passwords last year including ‘123456’ and ‘password’, which are used by millions of people. This reality is, sadly, also reflected across SMBs and enterprises, with Verizon’s research finding that 70% of employees reuse passwords at work, even though 91% know reusing passwords is poor practice. To make matters worse, 59% reuse passwords everywhere – in their personal and professional lives.

It’s important that organisations prioritise protecting login credentials across the breadth of their business, while layering this into the overall cyber security strategy alongside other practices like employee training and routine backups. This might not be as easy as it sounds, especially for SMBs that are particularly stretched on monetary and human resources. However, a number of inexpensive, low-maintenance tools exist to help businesses get on top of password security, including those offered by Keeper Security.

Building your cyber security layers

In modern data environments, comprehensive cyber security requires multiple layers of defence that work together. These layers would naturally include elements like cyber security training, as well as investing in protecting your endpoint devices. The starting point for defence-in-depth security is to implement a clearly defined access policy that determines which employees have access to which systems and data, as well as how passwords are created and stored.

First and foremost, your business must identify its weakest points in order to understand where there might be shortcomings. To achieve this, a business must assess who has access to what data and software, establish whether they need to have access to the elements of the business they do, and limit access if need be. This includes not just full-time employees but also remote workers, contractors, part-time staff and anybody who interacts with the systems that power your business. As a rule, the more people who have access to software or data, the broader your attack surface will be. There will be, unfortunately, more opportunities for a data breach, given that most threats originate from within.

Businesses at this stage must create concrete policies around password management. This is a key step in building a multi-layered cyber security strategy. To that end, tools such as those provided by Keeper Security are key to implementing a zero-trust and zero-knowledge approach. In addition to password management and security, this approach requires secrets management, privileged access management (PAM), remote infrastructure security and encrypted messaging. In practice, this translates into using a unique encryption and data segregation framework to protect against remote data breaches.

The zero-trust security model is centred around the principles of assuming a breach, verifying explicitly and ensuring least-privilege access. An affordable and easy-to-use enterprise password manager (EPM) allows organisations to implement zero-trust network access while slashing administrative overhead. This improves reliability and performance while boosting employee productivity. Administrators will get access to the tools they need to enforce robust password security, verify users and devices and manage role-based access controls alongside least-privilege access and other policies like multi-factor authentication (MFA).
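The access review described above (assess who has access to what, decide whether they need it, and limit it) and the least-privilege and MFA policies an administrator is expected to enforce can be expressed as a small, repeatable check. The script below is an added example, not code from the article or from Keeper Security; the role catalogue, the account inventory, the usernames and the 90-day dormancy threshold are all constructed for illustration. It compares each account's granted entitlements against what its role legitimately needs, flags accounts without MFA or that have gone dormant, and produces a per-user revocation plan plus a view of how many accounts can reach each system (a rough measure of attack surface breadth).

```python
"""Least-privilege access review over a constructed entitlement inventory.

Added example, not the article's or Keeper Security's code. Roles, accounts,
names and thresholds below are assumptions made for illustration.
"""
from dataclasses import dataclass, field

# Role catalogue (assumption): the entitlements each role legitimately needs.
ROLE_ENTITLEMENTS = {
    "finance": {"erp", "payroll", "email"},
    "engineer": {"git", "ci", "email"},
    "contractor-dev": {"git", "email"},
    "support": {"crm", "email"},
}


@dataclass
class Account:
    user: str
    role: str
    entitlements: set
    mfa_enabled: bool
    last_login_days: int  # days since the last successful login


# Constructed inventory: full-time staff, a contractor and a remote worker.
INVENTORY = [
    Account("alice", "finance", {"erp", "payroll", "email"}, True, 1),
    Account("bob", "engineer", {"git", "ci", "email", "payroll"}, True, 3),
    Account("carol", "contractor-dev", {"git", "email", "ci"}, False, 2),
    Account("dave", "support", {"crm", "email"}, False, 120),
]


@dataclass
class Finding:
    user: str
    excess: set = field(default_factory=set)  # entitlements beyond the role
    unknown_role: bool = False                # role not in the catalogue
    no_mfa: bool = False
    dormant: bool = False


def review(inventory, roles=ROLE_ENTITLEMENTS, dormant_after_days=90):
    """Return {user: Finding} for every account that violates policy."""
    findings = {}
    for acct in inventory:
        f = Finding(acct.user)
        allowed = roles.get(acct.role)
        if allowed is None:
            # An account with no recognised role cannot be justified at all.
            f.unknown_role = True
            f.excess = set(acct.entitlements)
        else:
            f.excess = acct.entitlements - allowed
        f.no_mfa = not acct.mfa_enabled
        f.dormant = acct.last_login_days > dormant_after_days
        if f.excess or f.unknown_role or f.no_mfa or f.dormant:
            findings[acct.user] = f
    return findings


def attack_surface(inventory):
    """Map each system to the set of accounts that can reach it."""
    surface = {}
    for acct in inventory:
        for ent in acct.entitlements:
            surface.setdefault(ent, set()).add(acct.user)
    return surface


def revocation_plan(findings):
    """Entitlements to remove, per user, as sorted lists for a change ticket."""
    return {u: sorted(f.excess) for u, f in findings.items() if f.excess}


if __name__ == "__main__":
    results = review(INVENTORY)
    for user, finding in results.items():
        print(user, finding)
    print("revoke:", revocation_plan(results))
    print("surface:", {k: sorted(v) for k, v in attack_surface(INVENTORY).items()})
```

Run as-is, the review flags bob's payroll access (outside the engineer role), carol's CI access and missing MFA (a contractor with more than the role needs), and dave's dormant, MFA-less account; alice passes. The same structure applies to any entitlement export a password manager or identity provider can produce, provided the role catalogue is maintained as the source of truth for what each role should hold.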

Security for businesses of all sizes

Beyond EPM, Keeper Security offers a variety of products aimed at different-sized organisations, including Keeper Business and Keeper Enterprise, both of which apply least-privilege and zero-trust principles to password management. These foundational ideas form the basis of an essential identity access management (IAM) strategy.

Keeper Business provides businesses with complete visibility into employee password practices while giving them the tools to enforce company policies, monitor compliance and generate audit trails and reports. Keeper Enterprise, meanwhile, adds SSO support, SAML 2.0 authentication, automated team management, advanced MFA, alongside a host of advanced capabilities for larger businesses with hundreds of employees.

Keeper’s products, for which free trials and one-to-one demos are available, serve as a means to block some of the most common pathways to a data breach. You’ll be able to protect your organisation against a variety of threats, including those emanating from the dark web, while securely sharing passwords and applying information security best practice across your organisation’s data environment, regardless of its size or complexity.

Password protection is fundamental to creating a robust and holistic security strategy to keep your organisation safe from data breaches, ransomware and other password-related cyber attacks.

Try Keeper for free today or book a personalised demo to learn more about the best way to protect your organisation from cyber attacks.

ITPro
