From 7ab1fb8cead5e1095c9dc3b60c4d4b125f117ce6 Mon Sep 17 00:00:00 2001 From: James Ravenscroft Date: Tue, 27 Dec 2022 12:04:04 +0000 Subject: [PATCH] fix some typos --- .../posts/2022/12/27/post-lastpass-password-management/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/brainsteam/content/posts/2022/12/27/post-lastpass-password-management/index.md b/brainsteam/content/posts/2022/12/27/post-lastpass-password-management/index.md index d08d1ee..671ee4c 100644 --- a/brainsteam/content/posts/2022/12/27/post-lastpass-password-management/index.md +++ b/brainsteam/content/posts/2022/12/27/post-lastpass-password-management/index.md 
@@ -95,6 +95,7 @@ For internal applications you can use SAML/SSO solutions in combination with mul I'd absolutely assume that you do also need some kind of password management solution because if you don't supply one your employees will absolutely start sending each other passwords unencrypted over slack. A hypothetical (and lets face it, pretty horrifying) conversation might look like this: > **Account Manager** "can you change something for me on the customer's system?" +> > **Business Consultant** "I'm busy with another client right now, but you can log in with your client's email address and `hunter2` and do it yourself..."). Firstly, make sure that you have explicit policies and processes for password sharing in your employee handbook and make sure that your team know about it. At my current company we run mandatory cyber-security training annually and as part of onboarding for new staff. Secondly, give your team tools that empower them to share credentials as securely possible. If that's via some kind of cloud-based password management platform then you can at least keep an eye on what is happening and, if and when that system is breached, you know which of your employees' credentials may have been compromised (versus in a shadow-IT scenario where you have no idea that employees are using a system that has recently been compromised).
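Review bot: The subject says "fix some typos", but the only change in this hunk is the added `>` line between the Account Manager and Business Consultant quotes, and the typos visible in the surrounding context lines are left in place. The Business Consultant line still ends with a stray `)` after the closing quote (`do it yourself...").`), the sentence introducing the conversation has "lets face it" where "let's face it" is meant, and the paragraph after the quote has "as securely possible" where "as securely as possible" is meant. Either fix those in this commit or reword the subject to describe what the change does, which is to put a paragraph break between the two quoted speakers.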