As humans, we like to take the easy way out. We figure that less work is better as long as we’re able to accomplish what we set out to do. Sometimes, that’s a good thing. The “less work” mantra has been responsible for countless inventions that have made life much easier. However, when it comes to the security of your workstations and network, “less work” is not always the best option. Let me explain.
We know of a business that seemed to be doing everything right regarding security. Their systems were managed by a Managed Services Provider (MSP), they had installed a state-of-the-art Backup/Disaster Recovery system, their anti-virus and anti-malware programs were up to date and their systems were scanned daily, they used micro-shredders and destroyed all paper documents, and they had implemented a clean desk policy. In short, they had their act together, except for one little detail:
EVERY person in the firm, management and employees alike, had their browsers set to remember logins and passwords for frequently used websites.
This was very convenient for them — one click access to billing systems, bank accounts, credit card accounts, social media accounts, even their online CRM system. It’s also very convenient for hackers!
If you’re guilty of doing this, THEN STOP IT! The one thing you must do is immediately reset your browsers and delete the passwords they contain.
Look, I understand all about convenience. It’s hard to remember all of those passwords and a pain to enter them multiple times during the work day. It’s also a HUGE risk and liability. Does your company need to be HIPAA and/or PCI compliant? What about your client’s personal information? If there is a breach, how do you think your security will be viewed by investigators?
If a hacker gains access to your system, your confidential and critical information is wide open for the taking. In fact, a hacker doesn’t even have to steal your passwords. All he has to do is gain access to your PC and click on a URL in your favorites; the browser will do the rest. Easy pickings for the criminal.
There is a way to have the convenience of automatic website logins without the risk. As a business, you should use a password manager like Dashlane to manage your company’s passwords and control who has access to them. Dashlane allows you to share access to sites with only those who need it.
For example, bank account access can be managed by the Controller and shared with appropriate personnel and no one else. Should duties change and/or employees leave the firm, their access can be removed. This makes it great for companies to centrally manage access to critical website applications.
Here’s another cool feature: when logged into Dashlane, all you have to do is open the site on your browser and Dashlane will automatically log you in. You don’t have to remember anything.
Dashlane can be set to log you into sites across multiple browsers. So, all you need to do is enter the login/password information into Dashlane once, and it will log you in regardless of the browser you’re using at the time.
Here are a few things to remember:
- Use a super-strong password for logging into Dashlane. Weak passwords are easy for hackers to crack. For tips on how to create a strong password, read our post, “Password Security is a Big Deal!”
- Make sure the master password is something you can remember. Although Dashlane has a way for you to reset your password if needed, many other password managers do not, and if you can’t remember it you are out of luck.
- Set Dashlane to automatically log you out after a certain period of inactivity. You don’t want a hacker to gain access after-hours to all of your passwords because you forgot to close the application.
Dashlane has many other features that you can review for yourself on their website. There are free and premium versions for you to select. Keep in mind that Dashlane is not the only game in town; there are others. A quick Google search will give you a list to investigate. Do the research.
The point of this article is to show you that having your browsers set to automatically log into confidential sites is a risky security habit and can come back to bite you should you get hacked.
Not convinced? OK, just ask yourself this question:
“If a breach occurs and my company’s confidential information is stolen, was the convenience I gained by having critical passwords loaded into my web browsers worth it, especially when viable, convenient and free alternatives exist?”
Please, think about this very carefully. It’s important to your business.
XSolutions is a Managed Services Provider (MSP) and provides 24/7/365 remote monitoring, scheduled workstation and server maintenance, Help Desk Services, Cloud & Hosted Services, Backup/Disaster Recovery, and Software Development. Call us at (845) 362-9675 and see how we can help your company.