Brand, reputation, and intangible value.
However you define it, brand is vital to your company’s ongoing success. For a time, you can acquire customers through sheer sales effort and aggressive pricing. When you have a strong brand, you can charge higher prices and generate more word of mouth referrals. While your brand reputation can do a lot for you, it is also delicate. Think of all the companies who have taken a brand hit in the past decade.
Brands in Jeopardy: A Very Short Introduction
Disappointed customers, unethical conduct, and related activities hurt brand reputation. That’s why we suggest considering brand protection or reputation management in your password management business case. Even large companies that have dedicated cybersecurity departments are not immune:
- Equifax. In 2017, Equifax suffered a significant cybersecurity breach. In financial terms, the company’s stock lost value and executives left the company afterward. As a consequence, the U.S. government is considering stronger regulation of the credit reporting industry.
- Sony. In 2011, Sony suffered a security breach of its PlayStation Network. Millions of customer accounts were impacted. In addition, the U.S. Congress commented on the company’s slow response to the situation.
Entertainment and financial services are just some of the industries vulnerable to cybersecurity risks. Further, poor security practices negatively impacted the company’s brand as seen in media coverage, market value, and management changes. Password management isn’t a magic bullet to prevent hacking. However, strong password management practices and technology do make hacking less likely and may reduce the impact.
How Password Management Protects Your Brand
Use these tips and techniques to enhance your organization’s password management. Each technique and tool you use makes hacking incidents and data loss less likely.
1. Implement a password expiry policy
If your employees use the same password for years on end, your company faces increased security risks. Some hacking efforts seeking passwords and account information take months to sell that information on the black market. If passwords are regularly changed across the board, this risk is reduced.
Designing a password expiry policy requires balancing two competing concepts. On the one hand, you want to protect the company by enforcing regular changes. On the other hand, you want to minimize the administrative burden on employees. As a baseline, start with annual password changes and require more frequent changes for sensitive accounts. Sensitive accounts include systems with access to financial data and customer information.
2. Eliminate weak passwords
If you spend any time with cybersecurity professionals, they will let you in on a dirty secret of the industry. End user behavior, such as choosing weak passwords, is a major contributing cause to hacking incidents. Using a password management system to evaluate password strength is an excellent first step. Criteria to evaluate password strength include: length, use of words (e.g. using “password” as a password), or a string of consecutive characters (e.g. 123456789).
Tip: Instead of exclusively relying on training to prevent weak passwords, use a password management solution like Password Station to enforce strong passwords.
3. Reduce system access when possible
If every employee’s password grants them access to all or most company systems, you are in trouble. To combat this situation, restrict system access based on what each employee uses. The access question goes beyond “does Bob have access to the finance system?” You may also restrict access by giving some users read-only access. If an employee has not used a system in over a year, that’s a good reason to move access.
Tip: If managers cannot easily add and remove access, password management discipline is likely to break down. Password Station provides SOX compliant password management so you can protect your company’s hard-won reputation from unauthorized access.
4. Enforce password management immediately after personnel changes
Employees come and go. It’s a fact of business life. When an employee changes jobs, your password management needs to keep up. If it does not, your brand reputation may be at stake. A disgruntled employee may be pressured into stealing confidential data. Aside from direct losses, satisfying audit requirements is another reason to stay on top of it.
Tip: Create a one page checklist for your managers to use any time an employee leaves. This checklist can include password management, financial matters (e.g. final pay arrangements), and ensuring that company assets are returned.
5. Deliver a password management training seminar for employees
Hacking incidents are in the news every few months, but you need to connect the dots for your employees. Review your annual cybersecurity training program and make space to cover password management. In this session, explain the impact of cybersecurity incidents and breaches on company reputation. After you establish the big picture, translate the issue into everyday life for your staff. For example, poor password management can lead to embarrassing audit results.
6. Reduce and eliminate password reuse by making password resets easier
Quick question: how many passwords do you use each week?
If you are like most Internet users, the answer is probably at least a dozen passwords. The full answer could reach into dozens if you sat and thought about the topic. How do most users respond to this situation? They use the same password over and over again. In the corporate world, password reuse is partially driven by the pain of password resets. If you know it will take an hour or more to get a new password, you will probably reuse the same password repeatedly.
7. Use outside consultants to assess your cyber security arrangements
At the end of the day, password management is just one part of an effective cybersecurity program. If you are intent on protecting your brand, strong password management is crucial. That said, you may have other weak points in your cybersecurity defenses. If your company is considering a major expansion or going public, an external cybersecurity assessment makes sense.
Equifax Breach Caused by Lone Employee’s Error, Former C.E.O. Says (New York Times)
Password management and mobile security (Pew Research Center Internet & Technology)