Meet Tom. Tom works at Acme Consulting, a 25-person company. As the senior "tech guy" at Acme, Tom wears a number of hats, including having responsibility for IT and security. Tom tries his best to protect his company, but he's got his share of problems (and his colleagues don't always help out), as we'll see in our ongoing series Tom's Tales....
Tom takes great pride in the efforts that go into securing the workplace. Nevertheless, while walking through the building yesterday, he cringed at the flood of yellow sticky notes scattered around the cubicles.
With growing concern, he noted many of the notes displayed the logins and passwords for a variety of accounts. This password information, if taken or lost, meant the company could lose important data or worse, have it exposed to others. Tom is deeply concerned about the risk of a data breach created by poor password management. He decides to implement the following strategies.
Put Your Foot Down
Get management buy in and make it company policy that security is important and passwords are keys to security. That means changes in behavior that are enforced -- no more sticky notes and no more sheets of password lists in drawers. Some employees have a hard time with change. Lester, the grumpy traditionalist in accounting, keeps scrawling out passwords. Instead of giving what Lester would consider "yet another reminder from the IT guy," Tom escalates the issue to their CEO, who tells Lester in no uncertain terms the behavior needs to change.
Although security is the primary consideration, there is also a practical consideration for employees. Since many important passwords should be changed frequently, it isn't practical for Lester to keep writing new sticky notes that may soon hold old information.
It's non-negotiable: Stop using sticky notes to remember your passwords.
Don't Use A Spreadsheet
Tom initially thought he could collect all of the sticky notes and organize them in one big shared spreadsheet. Spreadsheets are easy to create and share, but Tom realized they have serious issues and limitations when it comes to passwords. They don't provide much additional security. Spreadsheets are easily accessed and can be edited without too much difficulty. A spreadsheet can be password protected, but only with a single password that has to be distributed to everyone in the organization. If it was ever compromised, the thief would have access to all passwords. With a shared spreadsheet, it's also hard to limit which employees have access to which passwords.
Avoid Human Error as Much as Possible
Tom wants to find a way to limit the access to changing and updating passwords. He'll have trouble if multiple people across departments and levels in the organization have control over passwords. The odds are that human error will play a part in problems with passwords. Tom wants to give each employee the ability to manage passwords relevant to themselves only, each department the ability to share those passwords relevant to them, and then create a shared set of passwords for the whole organization. Finally, he wants only himself to have the ability to have the ability to control and monitor all aspects of the password manager system.
Get a Good Password Manager
After research, Tom discovers the best way to accomplish these goals is to implement a company password manager program. Tom chooses TeamsID, a service that helps companies like Acme Consulting manage their passwords and keep them safe and secure. TeamsID helps employees organize passwords so they won't have to spend painful minutes looking up the right one. Tom can easily create teams by department, give permission to different people in the company for various sets of passwords, and each employee can control their own personal password manager.
When Tom decides to use TeamsID to protect the company passwords, his life - and his office - is magically transformed.
If your office is littered with hundreds of yellow notes, you can find a better solution to your password protection by implementing a good password manager like TeamsID, avoiding human error, and saying "no" to spreadsheets that don't have good security measures.
Learn More About TeamsID
If you are working in an office that uses web or cloud services, TeamsID helps ensure your data is secure and your employees are more productive. All passwords, company as well as personal, can be managed, updated, and shared with only the people who need them. Permissions can be set on a team or individual level, so you never have to worry that the wrong people are seeing information. No more "lost password" calls to IT. No more emails or calls between employees regarding passwords or password changes.
See how TeamsID works, and take a look at how it made Tom's job infinitely easier.
Read more about Tom's IT Security Nightmares, and how they can be eliminated in our Free eBook, 3 Impending IT Security Nightmares, and How to Prevent Them. Click here to download it now.