Despite their size, small and medium-sized businesses (SMBs) are increasingly on the radar of cybercriminals. In fact, SMBs have become a prime target for cyberattacks. The reasons for this are manifold, and understanding these is an essential part of SMB cyber security strategy.
Most cybercriminals view SMBs as attractive targets because they usually lack extensive IT defenses and often don’t allocate significant resources towards cyber threat awareness training for their staff.
This situation, combined with common practices like using weak and/or similar passwords for multiple accounts that are easy to remember, keeping them on a Post-it Note or Excel spreadsheet for sharing among team members, only makes it easier for cybercriminals to breach SMB cyber security measures.
SMB Cyber Security: A Rising Concern
According to a study by Verizon, 43% of cyberattacks are aimed at small businesses. Yet 47% of SMBs have no cybersecurity budget, 51% of small businesses have no cyber security measures in place at all, while fully 87% of small businesses store valuable data that hackers seek, like bank account and wire transfer numbers, PINs, confidential product planning strategies, and customer credit card billing information, social security numbers, phone numbers, and addresses.1
Sometimes the SMB is the prime target of a ransomware attack. The rewards may be less, but the hackers make it up in volume. Small businesses rarely prosecute so criminals can be more aggressive without fear of prosecution. Many SMBs feel they have to pay the ransom to get back online or recover data, or risk going out of business before they can rebuild their systems.
Sometimes the SMB is probed as a backdoor means to enter their supply chain partners’ systems. Other times the SMB may be an innocent victim of an attack on a larger organization and its suppliers, or their cloud services provider.2
No matter the motivation, SMBs are being targeted for exploitation at an alarming rate, underscoring the need for robust SMB cyber security, especially as today’s remote workers continue to login to company networks via unsecure connections.
In fact, 80% of all hacking incidents involve compromised credentials or passwords.2 Yet employees still need to collaborate, access the same shared applications and drives, share data with outside suppliers and partners, make payments, accept customer credit card info, or access each other’s meeting calendars without exposing the company to a breach.
Password Management Best Practices for Improved SMB Cyber Security
SMB cyber security involves many elements and layers, including firewalls, anti-virus software, and VPNs, but a good cyber defense strategy starts with password management.
Password management does not only refer to strength, although clearly that is part of a solid password strategy.
What we mean here is that even if the character string is complex, if they can be seen by people who shouldn’t see them, if users have read/write capability to change them without permission, if they’re not encrypted or based on rules, then you really don’t have a password management policy.
Here are a few password management strategies that form part of small businesses cyber security framework:
- Educate employees about phishing and password safety. Teach them to check the sender’s URL before opening strange emails, look for typos, and never type a password into an email. Strongly discourage employees from keeping written passwords lists.
- Implement rules for password creation and sharing. Use a password generator tool with the flexibility to change lengths and use symbols to increase strength. Match employee roles to password-protected accounts and only share passwords with team members who need them to do their jobs. Not everyone needs to know every password.
- Activate two-factor authentication. Many apps have a mechanism to send a timed code to a user’s device to which they must reply to prove they are communicating with an authorized user before opening a session. Larger companies should look into Single Sign On (SSO) solutions for employees accessing multiple accounts.
- Change passwords regularly. Implement a password change policy that requires employees and vendors to update their passwords to their most sensitive accounts every 30 or 60 days. Once used, do not allow employees to recycle old passwords.
- Do not allow employees to use the password manager in their web browser. These extensions are usually not secure, and it only takes someone waking up an unlocked, unattended PC or laptop and launching the browser to see all stored credentials.
- Get a password management solution. These applications establish rules for who can see, use, and change passwords. The better ones have robust password generators, encrypt passwords for safe sharing, can trace access in the event of a breach, and more to take control of your IT environment.
- Get cyber insurance. Only a small percentage of SMBs have insurance to recover costs such as ransomware payments in the event of a breach. It could be all the difference for SMBs without deep pockets.
Passpack Password Manager is up to the Challenge
Passpack is an organization-wide secure password management and sharing solution optimized for businesses. With Passpack, you can easily set enforceable rules for safe password creation and sharing among all employees.
While we can’t stop your employees from falling victim to a phishing attack, and we don’t sell cyber insurance, Passpack can help you safely create, store, and manage the digital keys to your business in a centralized, encrypted digital vault, thereby greatly strengthening your SMB cyber security.
- Generate highly secure passwords. The password generator allows you to set the parameters you want employees to follow for password length and strength.
Passpack will not allow the use of passwords below the minimum level of difficulty you choose. - Secure password sharing and control. Passwords are encrypted using 256 AES encryption before transmission and decrypted after arriving at the target device.
Passpack is platform-agnostic, so all team members get universal access on any device. - Zero knowledge security model. Only Passpack end users have access to their data and credentials, and each account is protected by the user’s unique Master Packing Key.
Passpack never has access to encryption keys and can never share data with Passpack employees or third parties. - Create discreet teams for sharing. Administrators invite individual users to a team and control their level of permissions to access data. Centralized user management enables real-time control for onboarding new team members and/or revoking password access of terminated users as needed.
- Advanced security features. Passpack provides additional layers of security with two-factor authentication, limits the number of login attempts before lockout, recalls forgotten passwords, and more. Support for single sign-on (SSO) allows users at larger companies to access all their digital services through a single identity without having to enter passwords for each account.
New features are planned for to be released throughout 2023.
Getting started with Passpack is easy.
Passpack is a secure password management and sharing solution optimized for SMBs. With Passpack, SMBs can easily set enforceable rules for safe password creation and sharing among all employees.
From generating highly secure passwords, enabling secure password sharing and control, to providing advanced security features like two-factor authentication, Passpack is your reliable partner in SMB cyber security.
Effective SMB cyber security requires a combination of robust IT defenses, regular employee training, and stringent password management. Remember, in the world of cyber security, it’s always better to be safe than sorry.
Unlock the power of secure password sharing with Passpack. We offer versatile plans for businesses of every size for just pennies per user per day – a small price to pay for peace of mind.
Strengthen your SMB’s cyber security with Passpack today. Visit us at www.passpack.com, try our service risk-free for 28 days, and see how easy and affordable it is to safeguard your passwords, and by extension, your business.