By Chris Corde
Today’s SMBs run on cloud applications. From Asana to Dropbox to Salesforce, businesses achieve instant levels of productivity by deploying and using cloud apps. However, this also forces organizations to manage a myriad of identities, introducing multiple points of failure from a security perspective. Here are some useful tips that can help your business use these apps productively while maintaining proper security.
1.) Create a unique, complex password for every account, device and system
As a result of creating multiple application identities, and the passwords associated with them, employees and their organizations fall prey to a number of poor habits that can result in a security breach. Sharing passwords among employees, using weak, easy-to-remember passwords, or even keeping passwords saved in a spreadsheet are some of the ways people leave the door open to hackers and assorted miscreants. Creating a unique password made up of numbers, letters, and symbols for every account, app, and device is the only way to keep your data secure.
2.) Use a password management tool
The easiest way to have a separate password for everything is to use a password manager. Use a password vault to ease the burden of password management and encourage strong passwords that don’t have to be committed to memory.
3.) Use a tool to allow for account sharing without sharing the password itself
There are legitimate reasons to share accounts in businesses. Teams often share these passwords over email, instant message tools or other non-secure channels. Password vaults – specifically those that are designed for business and team use – mitigate risks while also adding convenience to the day-to-day activities of end users. They help encourage proper password hygiene and allow for centralized account management across different applications. Team accounts can be managed so that an administrator can enable or disable user access to apps centrally when someone joins or leaves the company.
4.) Use multi-factor authentication
Multi-factor authentication requires something in addition to the user name and password to access an account. After the password is entered, the user might receive a text message to their phone with another code that has to be entered. This ensures that if a password is stolen, a hacker still has a second roadblock that prevents access to your accounts.
5.) Teach and encourage common sense
Employees want to do the right thing from a security perspective, but humans are always going to be the weakest link in the chain. It’s the human element that forces us to default to a simple password because there are too many to remember. Research shows that only 1 percent of people use a password manager on a regular basis. Be sure to inform your employees of the risks and remind them to take that extra step to keep their passwords secure.
Meldium from LogMeIn is a password vault combined with an identity and access management tool that automatically logs users into their favorite apps and web sites without their having to type usernames and passwords. In addition, team accounts can be managed so that an administrator can enable or disable user access to apps centrally when someone joins or leaves the company.
Chris Corde is the director of product management for LogMeIn’s IT Management portfolio. He oversees the core remote access and monitoring solutions, cloud identity management, and cloud app discovery products. Prior to LogMeIn, Corde had a 9-year tenure at EMC Corporation and held a variety of product and strategy roles, most recently senior director of corporate development and strategy for RSA, the Security Division of EMC. Prior to joining EMC, Corde was a Java Engineer at a number of New York startups, including FreshDirect, Unicast Communications, and Broadview Networks.