10 tips for choosing the right password manager for your team

A recent report showed that cybercrime costs the UK economy £27bn a year, with individuals and small businesses most vulnerable to cyber-related attacks. For some time, experts have been urging businesses to ramp up their security defences as the financial cost of breaches continues to grow in line with increasing threats.

According to the 2020 Hiscox Cyber Readiness Report, cyber losses have risen nearly six-fold globally in the past year. The largest loss from a single cyber incident was seen here in the UK, costing the company a huge $15.8 million. As more consumers and businesses are relying on online services in response to Covid-19, these figures are likely to rise even more in 2021.

While larger organisations and certain sectors – namely finance – are recognising the risks and upping their defences, small to medium-sized businesses are a few steps behind. In the last 12 months, almost half of UK businesses (46%) reported having cyber security breaches or attacks. Often, smaller budgets mean cybersecurity tools are put lower down on business agendas. However, with the financial impact of cyber breaches increasing, businesses of all sizes need to look at their defences to determine whether their information and passwords are indeed well protected.

About the author

Gary Orenstein is Chief Customer Officer at Bitwarden

Unfortunately, problems tend to stem from a lack of awareness of how to stay cyber safe, with employees’ poor cyber hygiene habits seeping into the workplace. Research shows people are still choosing weak, vulnerable passwords despite knowing the risks associated with doing so. That being said, employees are faced on a daily basis with the challenge of remembering numerous passwords, maintaining secure information and other data for a myriad of systems, so it comes as little surprise that these passwords are still being chosen. For passwords to be secure, they need to be complex and unique for each app or service accessed, making them harder to remember.

Risks of cyber breaches are made even greater with employees still failing to learn how to spot basic phishing scams. We also find that too many employees fall into the trap of thinking that having antivirus offers them all the protection they need. So what can organisations do to ensure their information is secure?

The solution

Incidents of cyber breaches can drastically be reduced by the adoption of password managers across teams and organisations. Password managers allow employees to generate unique and strong passwords for every site they have access to or register an account for. This ensures passwords are not reused and allows organisations to create password complexity rules to minimise the risk of using weak and vulnerable passwords. Other policies can be put in place to ensure a certain level of security across all their employees’ accounts, even for systems they do not control. 

Some password managers also add an extra layer of security by creating and securely storing organisation passwords in collections that enable an administrator to share and update credentials without having to contact users with updated information through less secure channels. In this way, organisations can exercise centralised control over who has access to the information. 

Choosing the right password manager for your organisation can seem like a daunting task, but it’s relatively simple. First and foremost, the product needs to seamlessly integrate into existing applications to ensure there’s no disruption to working employees. Above all, however, it needs to be secure, reliable and scalable. With that in mind, we’ve put together a list of top tips to help you choose the right password manager for your organisation:

1). Ensure your password manager enables secure sharing with administrative controls; good password managers are not just about keeping your own password safe, but they also provide a full set of collaboration features that can be rolled out across your organisation. 

2). Look for cross-platform coverage; make sure you can access the vault across multiple platforms and devices, including iOS and Android, Windows, macOS, Linux and beyond. In working from home environments, employees are more likely to be using multiple browsers and devices. 

3). Check if two-factor authentication is supported; two-factor authentication adds that extra layer of security. Good password managers support all major 2FA vendors and technologies.

4). Consider open-source products with vibrant communities; the wider and more active the community, the more resources you’ll have available to your team to help solve any unique problems or situations that arise. Forums exist that can help you navigate simple queries too. 

5). Be sure products are audited and vetted by security pros; look for products that have a seal of approval from third-party security experts. If security pros are using the product, it's a good one.

6). Find simple, transparent pricing plans; always look at the fine print on pricing and look for options that can easily be scaled up without a major price tag. Utilise free-forever plans or trials to try out password managers before you commit.

7). Maintain options for cloud or self-hosting; when needed, make sure you have both cloud and self-hosting options to suit all your business needs.

8). Seek global coverage; for organisations with a global workforce, be sure to look for user activity in the markets where you operate, including language translations. It's no use having a password manager that your global workforce cannot use.

9). Find a solution developers can work with; find products you can incorporate into your existing programmatic workflows for a seamless transition with options like a command line interface (CLI) and application programming interface (API). 

10). Find easy, no-risk ways to get started; make the most of free plans so you can try out the products. Trials that give you access to the collaboration features will allow you to explore how to share secure information across teams before signing on the dotted line.

To the future

Password managers have always been an important tool in preventing cyber breaches within organisations. With very affordable options out there, you can trust in the knowledge that your organisation is securely sharing secrets and passwords, as well as ensuring compliance with password complexity and best practices across your organisation. 

As employees continue to work from home due to organisational, cultural or global pressures, it has become a business-critical objective to put a solid strategy in place for managing remote access securely with a password manager. Password managers coupled with continuous education can go a long way in keeping your organisation cyber secure.
