The password dilemma in companies: Practical examples and consequences
In many small and medium-sized enterprises (SMEs), password security is still criminally neglected.
Employees often rely on insecure methods, such as Excel spreadsheets or simple note apps, to store passwords.
However, the dangers of these practices are enormous.
Let’s take the example of a fictitious company, Müller AG, which works with confidential customer data.
The employees store their passwords in a shared Excel spreadsheet to facilitate access to systems.
One day, the Excel file is compromised by a phishing attack.
An undetected Trojan allows the attackers to read all the credentials stored in it.
Within a few hours, sensitive customer data and company information are lost – the damage amounts to tens of thousands of francs.
Another example: Koller GmbH, an IT service provider, relies on secure passwords, but without the use of multi-factor authentication (MFA).
An employee falls victim to a phishing attack and inadvertently reveals his password.
Without MFA, the attackers can immediately access the systems and paralyze them.
The damage to the company’s reputation is immense, and customers cancel contracts due to the loss of trust.
Why free password managers are often not enough
Password managers are an excellent solution for securely storing and managing passwords.
There are both free and paid solutions on the market, but many companies underestimate the additional benefits that paid offerings provide.
Let’s take Schneider IT Services as an example, which initially relied on a free password manager.
It quickly becomes clear that the solution offers basic functions, but no advanced team function.
This means that passwords cannot be shared securely between employees and administration quickly becomes confusing.
In contrast, Huber AG invested in a paid password manager at an early stage.
This not only offers the option of generating and saving secure passwords, but also includes a team function.
Employees can securely access passwords without having to change them manually.
In addition, many of these solutions already have single sign-on (SSO) integrated, allowing access to various applications with a single login – all securely and encrypted.
The advantage of paid password managers
Paid password managers offer considerable advantages over free versions.
Here are some key differences:
- Team functions: Advanced team management is often integrated into paid password managers. This allows companies to ensure that passwords are stored centrally and only used by authorized persons. At the same time, it is possible to assign and manage access rights individually.
- Single sign-on (SSO): Many companies use numerous different applications. With SSO, employees can log in to all applications with just one secure password and, if necessary, MFA. This increases security and simplifies access to various services.
- Security reports and monitoring: Many paid password managers offer the option of creating security reports so that companies can immediately see if passwords are compromised or weak. Suspicious activities such as failed login attempts are also reported immediately.
- Automated backups and encrypted storage: In contrast to free versions, which often offer limited storage options, paid solutions back up passwords automatically and store them strongly encrypted in the cloud. This means that no credentials are lost even if a device is lost.
Why MFA is essential
Password managers alone are not enough.
Even the strongest password can be stolen in a successful phishing attack.
For this reason, it is essential to implement multi-factor authentication (MFA).
MFA ensures that in addition to the password, a second factor – usually a time-based code or biometric – is required to access an account.
A practical example: MFA was introduced on all accounts at Lehmann Consulting.
When an employee fell victim to a phishing attack, the attacker was unable to do anything with the captured password as he did not have access to the second authentication factor.
The attack was averted and the company remained protected.
Conclusion: Security starts with the right password management
The combination of a strong, paid password manager and MFA is essential to ensure IT security in organizations today.
At a time when cyberattacks are becoming increasingly sophisticated, companies need to ensure that their sensitive data is not compromised by weak passwords and insecure management practices.
Take advantage of these tools and put security in place before it’s too late. Contact us for comprehensive advice on the best password and security solutions for your company!