Today’s rate of employee turnover means that your company is continually granting and revoking access to crucial systems such as ERP, CRM, payroll, purchasing, and social media. Without a consistent and robust password management program, this account churn creates cyber security risks in a hurry.
Let’s talk turnover. For an average company, up to 25 percent of new hires will leave in their first six months. Fifty percent will leave within 18 months. Millennials leave jobs three times more often than other generations–and they are the largest generation in the workplace.
How much cyber-security risk, you might ask? According to Hiscox Insurance, the average cyberattack costs a business $200,000. That’s enough to put many small organizations out of business.
The Life of a New Hire
Consider the six-month timeline of a new hire:
- Month 1—Your new hire spends hours, even days, waiting for or hunting down access to the dozen or more systems they need to do their jobs.
- Month 2—Prompted to update their accounts, your new hire creates new passwords, most likely based on their personal information that’s easily guessed from their publicly information on Instagram, Facebook, and LinkedIn. (This is how Victor Gevers successfully guessed President Trump’s Twitter password—twice.)
- Month 3—Your new hire now has so many company accounts that they write down their passwords and post them near their computer. Or, worse, they use the same password for every account.
- Month 4—Your IT department sends an email reminding employees about good password practices: unique, more than eight characters, upper- and lower-case letters, numbers, punctuation, blah blah blah. That email gets buried in your new hire’s inbox.
- Month 5—By now, your new hire may be underperforming in their new role, actively looking for a different employer, or receiving solicitations from recruiters. For whatever reason, they decide to skip IT’s internal webinar about cyber security best practices.
- Month 6—Your new hire leaves the company with little notice. There’s no central record of all the systems they could access, let alone their passwords. Your IT department now must scour all your systems to remove dead accounts. And if there’s a system where your new hire was the only one with access, good luck trying to get them to respond to your requests for help.
This isn’t every new hire at every company. But even a growing company with 100 employees repeats this cycle multiple times each year.
It’s inefficient, costly, and risky.
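The Month 6 cleanup described above, as an added example that is not part of the original article: a Python script that reconciles per-system account exports against the HR roster to list the accounts to revoke and the systems left without an active administrator. The roster, system names, usernames, and roles are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: HR roster of active staff and per-system account exports.
ACTIVE_EMPLOYEES = {"asmith", "bjones", "cnguyen"}
SYSTEM_ACCOUNTS = {
    "crm":     [("ASmith@example.com", "admin"), ("dlee", "user"), ("bjones", "user")],
    "payroll": [("DLee@example.com", "admin")],
    "erp":     [("cnguyen", "admin"), ("dlee", "admin"), ("svc-backup", "user")],
}
# Non-human accounts are reviewed separately so they are not flagged as leavers.
SERVICE_ACCOUNTS = {"svc-backup"}


def normalize(username):
    """Systems export names differently; compare on the lowercase local part."""
    return username.strip().lower().split("@")[0]


def find_orphaned_accounts(systems, active, service=frozenset()):
    """Return {system: sorted usernames} for accounts with no active owner."""
    orphaned = defaultdict(list)
    for system, accounts in systems.items():
        for user, _role in accounts:
            name = normalize(user)
            if name not in active and name not in service:
                orphaned[system].append(name)
    return {system: sorted(users) for system, users in orphaned.items()}


def find_stranded_systems(systems, active):
    """Return systems where no active employee holds the admin role."""
    stranded = []
    for system, accounts in systems.items():
        admins = {normalize(u) for u, role in accounts if role == "admin"}
        if not admins & active:
            stranded.append(system)
    return sorted(stranded)


if __name__ == "__main__":
    orphaned = find_orphaned_accounts(SYSTEM_ACCOUNTS, ACTIVE_EMPLOYEES, SERVICE_ACCOUNTS)
    for system, users in orphaned.items():
        print(f"{system}: revoke {', '.join(users)}")
    for system in find_stranded_systems(SYSTEM_ACCOUNTS, ACTIVE_EMPLOYEES):
        print(f"{system}: no active admin, transfer ownership")
```

Run on a schedule against real exports, the second check catches sole-owner systems while the owner is still employed and reachable.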
There’s a Better Way to Manage Passwords
Employee turnover is just one of many sources of weak passwords and abandoned accounts at your business.
Imagine, instead, a better way to manage passwords where:
- Your company is protected by uniformly strong and secure passwords
- IT has more efficient ways to issue, track, and revoke password access
- Users have fewer passwords to create and remember
Using an enterprise password management program is a cyber security best practice for companies trying to make passwords work again for their users, their IT department, and the company as a whole.
We can tell you all the bits and bytes about Keeper, like how it uses AES 256-bit encryption and PBKDF2, the same standard that the U.S. government uses to guard information labelled TOP SECRET. But instead, here are tangible benefits of using Keeper for password management:
- New hires become productive more quickly
- Employees need only one password to secure and access all their accounts, systems, and files
- Two-factor authentication—through a code sent to the user’s mobile phone or a hardware key plugged into a laptop’s USB port—helps protect the system from hacking
- Access can be easily shared across teams as needed
- Departing employees leave no security gaps behind
How Keeper Password Management Works
We vetted many password management programs before selecting Keeper to include in our Defensor security suite. Keeper is the best password manager we’ve found for small businesses.
Using Keeper revolves around a secure vault. Each user has a personal vault that stores all their passwords. Users create one password, a master password, to access their vault. Once they’ve logged in to their vault, Keeper can fill in any password from the vault when it’s needed.
Passwords kept in the vault can and should be more complex and random than anyone can reasonably remember. A password like Tg^24xZGrKPS might be ugly and impossible to remember, but it will also require years for a computer to crack.
Winning Over Users
Instituting password management changes the way people work in your company, for the better.
Users at first will likely object to changes in how their passwords are managed. They’ll say it slows them down or invades their privacy. They see it as their passwords, not passwords that they use to access company systems.
But imagine if employees could manufacture their own office keys and access cards whenever they wanted. Or worse, keys to company vehicles. How secure do you think your business would be after a year? Yet this is what we do every day with passwords.
Users will quickly warm up to the convenience of automated login through Keeper. They’ll also grow confident that their employer won’t be put out of business by a cyber security threat.