You have probably heard about the importance of password management, but did you know that you can easily help your clients protect their passwords as well? Read on to learn more about why this is important and what you can do to help them keep their accounts secure.
Password sharing is an easy way for people to access each other's accounts without having to remember multiple logins. But when you share login information with someone else, it's important that you take precautions to ensure these credentials aren't intercepted along the way and used maliciously to harm your client's business.
One of the easiest ways for this breach to occur is for the original email, private message or text that contained the credentials to be leaked or shared with the wrong party, either in the moment or possibly months later.
If you're anything like me, you could have dozens of login credentials from clients sitting in your inbox from current or past projects.
But let's be honest: the reason this is the case is that it's so easy to simply paste in those login details and hit send. Is it really worth logging into a password manager, adding the credentials, sharing them with your client and then asking them to sign up to the same password manager so that they can access them?
Probably not, and that's where a simple tool like instantsecurelink.com can come in handy. Simply visit the website, paste in the credentials and share the encrypted link it provides. Once the intended recipient opens the link, it's destroyed forever.
This isn't the only way to protect your clients' accounts, however. Now that you can both easily share confidential information with each other, it's important that you still protect these credentials at both ends, so let's take a look at a few easy ways to do this.
Educate Your Clients
Your clients will likely already know the basics, such as never reusing passwords across multiple sites or enabling two-factor authentication (2FA) on their accounts, but it's probable that most won't be putting this knowledge to use.
The main reason for this is that these options are usually a hassle to implement and use on a daily basis. A great first step into cyber security can be to simply start using an encryption tool like Instant Secure Link, since it only takes a few seconds to use and clients feel better knowing they're protecting themselves without the hassle of 2FA or changing passwords.
If they're using this tool easily, I'll then start to suggest additional security measures depending on their needs and willingness to use them.
Use a Password Management System
If your clients are going to start using different passwords, it's unlikely they're going to enjoy remembering these for every website they use. That's where a password manager comes in. One of the most common reasons I see clients not use a password manager, however, is the time it initially takes to set up (changing passwords on every website they use and adding these to the password manager).
This approach isn't the only option, however. I've shown several clients that they don't need to set everything up on the same day; it can simply be something they add to over time. For example, when they find themselves logging into a website that isn't in their password manager yet, they can simply change the password and add it. Give it a few weeks and almost every account they use will be added. This removes that initial roadblock of needing to log in to dozens of websites and change all these passwords in a single afternoon to start using a password manager.
Implement Security Measures
It's not always enough to just tell your clients to use a password manager; additional security measures may be necessary too. This includes things like changing passwords regularly and enabling 2FA. Two-factor authentication requires users to enter a code sent via text message, phone call or authenticator app when logging into an account.
I only strongly recommend these additional steps to clients on a case-by-case basis, depending on their industry and other factors. If you start adding too many annoyances to their daily workflow they won't bother using anything, and I'd rather they use a strong password and management software without 2FA than nothing at all.
Monitor User Activity
One of the easiest ways to ensure that your clients are taking good care of their passwords is by monitoring user activity, and this is something that you can build into your support services or care plans as a basic cyber security add-on.
If you notice any suspicious activity, such as attempted logins from unknown IP locations, or are notified about a recent security breach on one of the sites they use, you can alert your client immediately.
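As an added illustration (not part of the original post), here is one way to flag the "logins from unknown IP locations" mentioned above. The log format, client names and network ranges are constructed assumptions; adapt them to whatever your hosting or login plugin actually records.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: networks each client normally logs in from (assumption).
KNOWN_NETWORKS = {
    "acme": ["203.0.113.0/24", "2001:db8:10::/48"],
    "bakery": ["198.51.100.16/28"],
}

# Constructed log lines in a hypothetical "time client user result ip" format.
SAMPLE_LOG = """\
2024-05-01T08:02:11Z acme alice OK 203.0.113.45
2024-05-01T08:05:40Z acme alice FAIL 192.0.2.77
2024-05-01T08:05:44Z acme alice FAIL 192.0.2.77
2024-05-01T09:12:03Z bakery owner OK 198.51.100.20
2024-05-01T23:47:19Z bakery owner OK 192.0.2.200
2024-05-02T07:30:00Z acme bob OK 2001:db8:10:1::5
this line is malformed and is skipped
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL) (\S+)$")

def is_known(client, ip_text):
    """True if the address falls inside one of the client's known networks."""
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on bad input
    nets = (ipaddress.ip_network(n) for n in KNOWN_NETWORKS.get(client, []))
    return any(ip in net for net in nets)

def find_unknown_logins(log_text):
    """Return alerts for logins from addresses outside the known networks."""
    grouped = defaultdict(lambda: {"ok": 0, "fail": 0, "first_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, user, result, ip_text = m.groups()
        try:
            if is_known(client, ip_text):
                continue
        except ValueError:
            continue  # not a valid IP address
        entry = grouped[(client, user, ip_text)]
        entry["ok" if result == "OK" else "fail"] += 1
        entry["first_seen"] = entry["first_seen"] or ts
    alerts = []
    for (client, user, ip_text), e in grouped.items():
        severity = "high" if e["ok"] else "low"  # a successful login is urgent
        alerts.append({"client": client, "user": user, "ip": ip_text, "severity": severity, **e})
    return sorted(alerts, key=lambda a: (a["severity"], a["first_seen"]))
```

Calling `find_unknown_logins(SAMPLE_LOG)` returns the successful login from an unfamiliar address first, followed by the repeated failed attempts, which is the order you would want to contact clients in.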
To track whether one of your clients' accounts has been leaked, you can set up an email notification for an entire domain on haveibeenpwned.com for each of your clients. This is a great value-add and not something offered by many (if any) of your local competitors!
If you've got any questions about introducing your clients to basic cyber security or adding these measures to your support packages, please don't hesitate to reach out to me in The Admin Bar Facebook group!