Before You Invest Further In Password Management
To help you make better decisions about your cybersecurity investments, use the self-assessment questions in this section. Once you go through these points, we’ll review the essential password management terms.
- What’s Your Current State for Password Management?
Every organization has different password management problems. You need to understand those issues to find out whether a password management solution is the right fix. Ask your IT managers what other IT security issues and problems they’ve encountered in the past year. Why should password management be the number one investment?
Tip: Instead of saying yes or no to a specific request, encourage your managers to develop a business case to support their request. For example, suggest they read “Get Your SSO Software Project Funded with a Business Case” for background.
- What Problems Have Audit and Other Reviews Found in Your Password Management?
When your division or department has outstanding audit findings, it’s embarrassing. If those findings come from a cybersecurity review, it’s even worse. If your managers want to invest in password management, encourage them to analyze whether that move will help you to close audit findings. If you have no open audit findings or recommendations from external reviews, move on to other topics covered in the report.
For the best results, take the time to consult with external auditors, internal auditors, and any security consultants your organization has recently worked with. It’s a sad reality that audit and consultant reports are not always acted on; this is your opportunity to use those reports to improve security.
- What Cybersecurity Incidents Have Hit the Organization in the Past 12 Months?
When your organization suffers a major security incident, top executives take responsibility. Remember the Equifax cybersecurity incident in 2017? Not only did the company suffer a major loss of trust, but the company’s executives took a personal hit to their reputation. In fact, the Equifax CEO had to appear in front of Congress to explain the incident. That was only part of the damage, as the chief information officer and the chief security officer had to step down from their roles. The Equifax experience shows that the consequences of a cybersecurity incident extend directly to the executive level.
If you have open projects or investigations underway to address a hacking incident, ask if password management can be part of the solution. Since many users tend to fall victim to password reuse disease, improving password controls is a smart move. If you’re currently working on a cybersecurity incident response, include password management as part of your long-term fix.
Password Management 101: The Key Terms You Need to Know
With these terms, you’ll be well equipped to hold better discussions about password management.
- Password Reuse: To save time and effort, many people use the same password over and over again on their accounts. Even though it’s widespread, this password practice exposes your organization to increased hacking risk. If an employee’s email account is hacked, then a hacker might easily find out the employer via LinkedIn and attempt to use the password to obtain access to the company’s systems.
- Multi-Factor Authentication (MFA): This is the practice of using more than one authentication method to identify a user. For example, instead of using a single password, MFA would require a user to type in a password and enter a PIN code on his or her smartphone. MFA is one of the best ways to improve security and reduce password risks. MFA is a widely used practice in industry. Find out “Which Companies Use Multi-Factor Authentication with Their Customers?“
- Password Management: This is the IT management practice of managing passwords, enforcing password policies, and reducing password-related security risk. Effective password management requires a password management solution and supporting management oversight.
- Biometric Authentication: This practice uses a biological fact (e.g., a fingerprint, eye scan, or something else) to authenticate a user. This method is widely used in the military, the government, and in some companies. For additional background, read our article: How Biometric Authentication Works.
- Password Complexity: This set of rules governs passwords at your organization. For example, some organizations require a certain length (e.g., 10 characters) and a certain variety of characters (i.e., a combination of letters and numbers). While helpful, strong password complexity rules don’t guarantee security incidents won’t happen.
- Single Sign-On (SSO): How many different passwords do you use in your daily work? The answer might be 10, 20, or even more. Keeping so many different passwords in your memory is tough! To help users with this challenge, implement a single sign-on solution. With SSO, your end users only have one password to manage instead of dozens. It’s one of the best ways to increase password convenience without sacrificing security. Avatier’s Single Sign-On solution also helps you manage your software licenses so you can cut down on unnecessary expenses.
Enhancing Cybersecurity Beyond Password Management
After you hold a few discussions with your IT managers, you might find out that password management is not your greatest vulnerability. That doesn’t mean you’re safe. In fact, you probably have other IT security risk exposures. If you operate in a highly regulated industry such as banking, your employees might need support to earn compliance certifications. Alternatively, your employees may not understand their password responsibilities. In that case, we recommend offering employee password management training.
