Why today’s accounting firms need to look at password management
Let’s be honest: it’s difficult to create and remember secure passwords for a few different accounts, let alone the dozens of accounts you handle at your accounting firm every day.
While retail password managers do a good job of keeping passwords in one place, they don’t have the advanced security features and access controls that are required to keep an accounting firm secure.
Daisy-chaining passwords (using the same passwords for multiple or all accounts) is a high-risk password management habit.
Unfortunately, it’s one that still runs rampant. 54% of all employees reuse passwords across multiple work accounts. The problem is that once one of those passwords is breached, other accounts that share the same password are then in danger of being breached as well.
Case Study: Faulty Password Management
Here’s a real-life example. An employee who re-used a work email and password to sign up for a certain site was alerted that the site suffered a data breach. As this employee’s password was the same for that site and their work email, they alerted their firm and the firm had to be proactive in issuing an email to clients about the potential compromise to their data.
Apart from the financial and legal consequences of a possible data breach, reputational damage to a firm is also a severe flow-on consequence in this situation. While the firm in this example did not suffer any data loss, they did lose valuable money and time investigating the possible breach and lost trust when informing clients.
The lessons to be learned:
The biggest lesson that can be taken away from this case study is the importance of team training. Employees need training on what the major cyber threats are, and the latest techniques being used to carry them out.
Practice Protect University was built for our clients to help solve this issue, providing on-demand, up-to-date training for accounting team members.
The other lesson this real-life case study leaves us with is to implement policies around password complexity and password hygiene. Make sure that employees aren’t using their work emails and credentials to sign up for personal accounts. It’s also important to impress on employees that keeping their passwords safe also means keeping your firm, as a whole, safe.
Practice Protect lets you control password complexity. It also lets employees access apps without knowing the passwords. This means passwords can’t be reused and compromised, employees don’t need to memorise passwords, and you don’t have to be the password manager for your firm.