Pub 17 2022 2023 Issue 6

Note: Using your browser's “Save Password” feature to save passwords is not considered a safe or recommended way to store passwords. While some inherent risk stems from the mere use of any PM solution, understanding the risk of each solution should be obtained during the due diligence and vendor management process. Any risk remaining after the solution selection should be addressed in the IT risk assessment to ensure the solution’s risk score is acceptable to your organization’s risk appetite. Things to Consider When Changing Password Managers If your organization currently utilizes LastPass as a password management solution, it is absolutely appropriate to evaluate alternate PM products and solutions, as there are many viable password management vendors in the market. However, it is recommended that your organization only switches PM providers after doing your homework. Keep in mind your current investment with the incumbent provider. For example, even if you believe it’s in your organization’s best interest to switch PM providers, what does that transition look like? Does your current PM provider make it easy for you to transition all your sites and passwords to another platform, or will that transition be time-consuming and complicated? Alternatively, your organization may wish to shift from a cloudbased password manager to a device-based or on-premise version. Still, it is recommended that you evaluate the pros and cons of making such a switch. For example, if you currently have users utilizing a cloud-based PM and want to shift to an on-premise PM, what functionality will your users lose in that switch? If you are evaluating your password management solution, it is recommended that you do the proper homework (vendor due diligence and IT risk assessment) on alternative PM solutions to ensure appropriate security controls and risk mitigation measures are in place. Only once you’ve done the appropriate homework can you determine the best path forward for your organization based on an informed business decision.  SBS CyberSecurity does not partner with nor endorse any password management vendors or solutions. SBS helps business leaders identify and understand cybersecurity risks to make more informed and proactive business decisions. Learn more at www.sbscyber.com. 21

RkJQdWJsaXNoZXIy ODQxMjUw