Today’s rate of employee turnover means that your company is continually granting and revoking login access to crucial systems such as ERP, CRM, payroll, purchasing, and social media.
Without a consistent and robust business password management program, this account churn creates security risks in a hurry.
Let’s talk turnover. For an average company, up to 25 percent of new hires will leave in their first six months. Fifty percent will leave within 18 months. Millennials leave jobs three times more often than other generations—and they are the largest generation in the workplace.
How much cyber-security risk, you might ask? According to Hiscox Insurance, the average cyber attack costs a business $200,000. That’s enough to put many small organizations out of business.
The Life of a New Hire
Consider the six-month timeline of a new hire:
- Month 1—Your new hire spends hours, even days, waiting for or hunting down access to the dozen or more systems they need to do their jobs.
- Month 2—Prompted to update their accounts, your new hire creates new passwords, most likely based on their personal information that’s easily guessed from their public information on Instagram, Facebook, and LinkedIn. (This is how Victor Gevers successfully guessed former President Trump’s Twitter password—twice.)
- Month 3—Your new hire now has so many company accounts that they write down their passwords and post them near their computer. Or, worse, they use the same password for every account.
- Month 4—Your IT department sends an email reminding employees about good password practices: unique, more than eight characters, upper- and lower-case letters, numbers, punctuation, blah blah blah. That email gets buried in your new hire’s inbox.
- Month 5—By now, your new hire may be underperforming in their new role, actively looking for a different employer, or receiving solicitations from recruiters. For whatever reason, they decide to skip IT’s internal webinar about cyber security best practices.
- Month 6—Your new hire leaves the company with little notice. There’s no central record of all the systems they could access, let alone their passwords. Your IT department now must scour all your systems to remove dead accounts. And if there’s a system where your new hire was the only one with access, good luck trying to get them to respond to your requests for help.
This isn’t every new hire at every company. But even a growing company with 100 employees repeats this cycle multiple times each year.
It’s inefficient, costly, and risky.
There’s a Better Way to Manage Business Passwords
Employee turnover is just one of many sources of weak passwords and abandoned accounts at your business.
Imagine, instead, a better way to manage passwords where:
- Your company is protected by uniformly strong and secure passwords
- The IT department has more efficient ways to issue, track, and revoke password access
- Users have fewer passwords to create and remember
Business password managers a part of cyber security best practices for companies trying to make passwords work again for their users, their IT department, and their company.
At Fortis, we include Keeper password management as one of the many tools in our Defensor suite of cyber security apps.
We can tell you all the bits and bytes about Keeper, like how it uses AES 256-bit encryption and PBKDF2, the same standard that the U.S. government uses to guard information labeled TOP SECRET.
Beyond just features, here are the tangible benefits of using Keeper for password management:
- New hires become productive more quickly
- Employees need only one password to secure and access all their accounts, systems, and files
- Two-factor authentication—through a code sent to the user’s mobile phone or a hardware key plugged into a laptop’s USB port—helps protect the system from hacking
- Access can be easily shared across teams as needed
- Departing employees leave no security gaps behind
How Keeper Password Management Works
We vetted many password management programs before selecting Keeper to include in our Defensor security suite. Keeper is the best password manager we’ve found for small to mid-sized businesses.
Using Keeper revolves around a secure vault. Each user has a personal vault that stores all their credentials. Users create one password — a master password — to access their vault. Once a user logged in to their vault, Keeper can fill in any password from the vault when it’s needed.
Passwords kept in the vault can and should be more complex and random than anyone can reasonably remember. A password like 91vt1m8Z12Pb7>b2PS1 might be ugly and impossible to remember, but it will also be impervious to brute-force attacks.
Keeper users can click the die icon to randomly generate a unique password for an account.
Winning Over Users
Instituting password management changes the way people work in your company, for the better.
Users at first will likely object to changes in how their passwords are managed. They’ll say it slows them down or invades their privacy. They see it as their passwords, not passwords that they use to access company systems.
But imagine if employees could manufacture their own office keys and access cards whenever they wanted. Or worse, keys to company vehicles. How secure do you think your business would be after a year? Yet this is what we do every day with passwords.
Users will quickly warm up to the convenience of automated login through Keeper. Instructional videos will help them with adoption. They’ll also grow confident that their employer won’t be put out of business by a cyber security threat.