By AWC staff
At AWC’s recent Member Expo event, we spoke with Jim Kilmer, a division director with The OPAL Group. He gave an overview of practical steps cities can take to increase their cybersecurity. In the excerpt below, edited for length and clarity, he discusses password managers—an important and relatively inexpensive tool that city leaders can consider.
It’s very important for people to realize that cybersecurity is not a monolithic thing. There is no magic box with blinking lights on it, no matter how expensive, that is going to 100 percent protect you from all cybersecurity threats. Looking at it from that perspective, every little thing you can do helps. And there are a lot of little things, and very inexpensive ones, that particularly nontechnical users can do.
Password managers are one of the big ones. It’s a category of software that is very easy to use, so much so that when you start using it, you will have no idea how you survived up until this point without it. It’s a piece of secure software that will keep all of your passwords in an encrypted vault and then autofill them into your browser or into your applications when you need to log in. It will allow you to create a very complex password that’s unique to every site you log in on.
If one site is compromised, the cybercriminals can use your email address and the password from that site to test thousands of other sites to try and get in. That’s called a sideways attack, and it is one of the big ways that account for information being compromised these days. So the key is to have unique and secure passwords for every site you use.
But the human brain is just not wired to remember hundreds of passwords for all the systems we have to access these days. That’s why it is very common for people to reuse passwords or reuse variants on passwords. It’s a common practice, but sideways attacks are what make it so dangerous.
Some common password managers that we see are: 1Password, Dashlane, and LastPass. These cost on average between $3 and $5 per user per month. So for $60 a year per user or less, you can give your employees access to one of these password managers and make yourself measurably more secure.
And as an added bonus, this is something they can also use in their personal life. They can use it for their own banking and credit cards and tax records, and everything else they might want to have accounts for.
And it measurably increases your security. Studies have shown that folks using password managers are hacked at a fraction of the frequency of people who are just trying to remember their passwords or have them on a Post-It note under their keyboard.
Jim Kilmer, Jr. is a partner and division director for The OPAL Group, which provides a variety of information technology solutions and services.
For more information: theopalgroup.com
The password is ...
Most password managers do more than just remember your kids’ birthdays and former pets’ names—they also include a password generator. These tools allow users to quickly create highly secure passwords. And since these computer-generated passwords are saved within the password manager, there’s no need to commit them to memory.