How To Build A Business Case For A Password Manager in 8 Steps

Tony MasonCyber Security, Data Protection, Email Security, Password Management, Security Awareness & Phishing

There are many reasons to be investing in a Password Manager.

Verizon’s recent Data Breach Report showed that 81% of hacking-related breaches used either stolen or weak passwords.

This is because most users are faced with credential overload, being responsible for at least 200 passwords, and often revert to bad password practices, such as:

  • creating simple, easy to remember passwords
  • reusing passwords
  • saving them in browsers or on sticky notes

When your users save passwords in the browser, it makes it easy for the bad guys to hack into your network.

Verizon’s recent Data Breach Report shows that attackers are increasingly successful using a combination of phishing and password dumper malware to steal your users’ credentials.   Once hackers gain access, they can steal usernames and passwords to any accounts saved in browsers. With 50% of employees using the same password for work and personal accounts, this makes the risk of credential theft and account takeovers even greater!

So you know it’s important to get a Password Manager but your boss or their boss is still hesitant.  Follow this guide to get the buy-in you need to implement a password manager:

1 Reveal the Risk

The first thing to do is show that poor password habits can put your company data at risk.  This is especially the case when more people are working from home & using more applications than ever, with an ever-increasing digital footprint.  On average users have at least 200 passwords and use the same passwords for personal and work accounts.

2 Hear Them Out

It’s important to hear what hesitations the key decision makers have, whether that be cost, time or adoption. Then counter the arguments with facts, such as:

  • The average cost of a data breach caused by compromised or stolen passwords is $ 4.77 million according to IBM 2020.
  • 70% of people reuse passwords across business and personal accounts
  • 81% of all hacking related data breaches are caused by weak, stolen or reused passwords.
3 Highlight The Benefits

Focus on the tangible benefits of getting your employees to use a password manager.

  • Eliminating Reused Passwords
  • Secure Sharing of Passwords
  • Ensuring Employees Don’t Leave with Sensitive Company Information
  • Cutting Down on Help Tickets for Lost Passwords

Check out this webinar from our partners at KnowBe4 

And this article from the National Cyber Security Centre

4 Reveal Real Reviews

Investigate what other customers/suppliers have said about their experience with Password Managers. Our partner Dashlane helps 20,000 customers with 15 million users protecting their passwords.  Ask us for case studies:

5 Present Your Roll Out Plan

Put together a step-by-step guide, including employee training material, to make deployment seamless & simple.  To prepare your company for onboarding, send out an announcement message & create a password policy, if you haven’t already. Check here for a useful guide on What Your Password Policy Should Be.

Once you’ve rolled out your password manager, continue by following up on pending invitations to ensure everyone is onboard. Then use the dashboard to check your Password Health Score. You’ll be surprised when you first start off!

6 Show How A Password Manager Can Integrate With Existing Cyber Security Efforts.

If you are using single sign on, a password manager is even easier to integrate into your IT security systems.

A password manager can enable you to bring up the subject of password hygiene in your cyber security discussions. It will help you drive a security culture change within the business & provide you with true facts about the password health of all staff members & the company as a whole, showing you your level of risk.

7 Conduct A Test Run

Many providers of password managers offer you a trial run.  Our partner Dashlane offer a free 30 day free trial up to 500 employees and the results are fascinating.  Get in touch with us and we’ll set you up: 01628 362 784.

8 Make An Immediate Impact

During the trial period, as employees create their accounts, and start to save logins, you can start measuring your company Password Health. Getting full visibility into your Password Health can be an eye opener. 

From there you can identify employees with bad password habits and take action.

With Dashlane, at the end of your trial, you can see how you’ve improved password security over time in your reporting dashboard.  This will give you a strong business case for the board.

For more information on Dashlane, check here

For KnowBe4’s best practices guide, check here