Your employees are your greatest asset — and potentially your greatest liability. Laptops stolen at the airport, smart phones lost at conferences, data accessed through insecure wireless networks — all of these seemingly unintentional and innocuous instances add up to huge cyber security risk. When you contemplate the possibility that your employees’ personal mobile devices aren’t password protected, and when you consider the likelihood of password sharing and reuse across web sites, you realize that you’re a sitting duck for serious breach. What can you do to address these threats? Start by educating your employees on password management protocols and installing an automated self-service password tool.
Even large and sophisticated organizations fall down on password management. A rash of recent security breaches at high-profile companies and at state and federal government agencies has highlighted the importance of cyber-security within organizations. Whereas it used to be that the most concerning and damaging breaches originated outside the organization, we’re now observing a significant shift to a proliferation of breaches rooted within the organization itself.
When a large profile company or government agency experiences a cyber security meltdown, the destruction and exposure extends far beyond embarrassment and compromised credibility.
In addition to damage wielded by leaked business information, trade secrets and financial data, security breaches violate a host of federal and state laws that require organizations to properly safeguard confidential data. This would include things like credit and loan applications, social security numbers, PINs, user names and passwords, and private employee medical records.
Put simply, if you don’t have the right cyber security protocols in place — including self-service password management tools — you’re leaving yourself open to sanctions, lawsuits and irreparable harm to your reputation.
Why wait until you’re in hot water to put self-service password management in place and actively engage your employees in the process? Most breaches caused by employees are the result of carelessness and ignorance, not malice. Tell them never to access your system through an unsecure wireless network and to make sure that they remove unnecessary information from their hard drives. Inform them on the dangers of sharing passwords with others and reusing passwords and user names across web sites. Remind them of the importance of never leaving equipment unattended outside the workplace and reporting lost or stolen equipment — including USB drives — to IT immediately. And, explain to them that non-approved personal mobile devices should not be accessing the network.
Once you have educated them on cyber-security best practices, put the tools in place to help them succeed and comply. The most effective self-service password management systems automate the entire process. Your self-service enterprise password manager should empower you to immediately and automatically deactivate and activate user accounts and include user provisioning capabilities to ensure that specific users aren’t granted excessive access. Users should be able to execute self-service password reset to decrease the burden on the IT department, streamline processes, and improve service.
When your people are educated and your organization is set up with the right password management solution. Don’t get caught flat footed in a large scale breach that leaves you vulnerable to legal liability and sanctions. Embrace the power of positive change and integrate your protocols, software solution and employee training procedures for maximum improvement and impact. It’s a nominal investment in time and software that will give you tremendous peace of mind.
Watch the video to see how senior security analysts at Gwinnett Medical Center discuss their active directory password reset success:
Learn the Top 10 Password Management Best Practices for successful implementations from industry experts. Use this guide to sidestep the challenges that typically derail enterprise password management projects.