Will 2019 be the year that businesses finally implement and enforce company-wide use of password management software?
I sure hope so.
Why our businesses must consider a password manager
Thanks to the rise in cloud applications and web resources, most of us are juggling a massive number of accounts on a day-to-day basis.
Your marketing team, for example, might have the following on their list, each with its own separate password:
Your CRM; your email; your central communication and collaboration tools (Slack, Office 365, etc.); your website; your web host (GoDaddy, LiquidWeb, etc.); analytics tools (HubSpot, Google Analytics, etc.); email marketing tools (Constant Contact, MailChimp, etc.); SEO tools (Screaming Frog, SEMRush, etc.); writing tools (Grammarly, Hemingway, Evernote, etc.); lead-capture and prospecting tools (OptinMonster, Hunter, etc.); company social media accounts; video hosting platforms (Youtube, Wistia, Vimeo, etc.); video conferencing platform (Zoom, BlueJeans, etc.); survey platforms (SurveyMonkey, etc.); stock photo sites (ShutterStock, iStock, Adobe Stock, etc.); graphic design sites (Canva, Stencil, etc.); publication subscriptions (Business Journals, Wall Street Journal, etc.)…
And on and on and on.
What would this list look like for you accounting team? HR? Operations?
Now add all those accounts together. How many applications is your company, as a whole, using to perform their duties? And how much of your company information is spread across all these accounts?
Scary, right?
If we leave password management up to the individual, there’s simply no practical way for them to memorize such a large quantity of unique, complex passwords. They’ll either repeat the weak passwords they already have memorized across corporate accounts, or they’ll come up with new passwords that they have to write down somewhere in order to keep track. They don’t have any other choice.
And that puts your business at big-time risk of a breach.
Not only that, but leaving password management to your team makes it incredibly difficult for your business to regain control of corporate accounts after an employee leaves.
Do you even know all the platforms each person on your team is using?
My recommendation
It’s high time we get a better handle on all these accounts. Here’s how:
- Take inventory. To start, we have to wrap our arms around what applications are running around our organization, and how big of an endeavor it will be to wrap these accounts under corporate management. This will help set expectations for the steps ahead.
- Create your policy. Next, create and disseminate a password policy to your team so that everyone knows what parameters they need to work within. Your IT team can help you align this policy with industry best practices.
- Implement a password manager. Finally, provide your team with the tools they need to actually abide by this policy: a password manager. Identify a package that will help your team manage their accounts easily and securely, and that is centralized to give your business ultimate control over each one. Dashlane is terrific for personal and family use, and Keeper is my recommendation for business use.
It will take time and patience to migrate all of your accounts into this new platform, but stick with it: the security of your data depends on it.
As originally published in the American City Business Journals.