The Bitwarden Blog
The Benefits of Password Managers for Finance Companies
August 31, 2021
Finance companies often use a suite of tools to protect account credentials and secure data, including password managers. When used as part of a multi-layered cybersecurity defense strategy, password managers for finance companies help prevent unauthorized access to confidential information and empower employees to be more secure.
From February to April 2020, cyberattacks against companies in the financial sector increased by 238 percent, according to VMware Carbon Black data. Some companies prevented the attacks from being successful or mitigated the consequences, but a few still experienced significant business disruption and financial losses.
Finance companies today still face similar challenges, with the biggest threats including:
- Hacking and malware
- Accidental disclosures
- Insider threats
- Physical breaches
- Supply chain/third-party vendor exposures
Companies can strengthen cybersecurity plans by investing in secure tools to help mitigate risks and empowering employees to improve their security habits.
Successfully defending against cyberattacks requires a multi-layered approach to help pave a path to stronger cybersecurity. We believe that ‘people security’ represents a powerful and untapped security weapon for your arsenal. Employees can learn how to practice good behaviors such as securing passwords.
The adoption of password managers for finance companies, alongside additional security measures, can significantly reduce the occurrence of data breaches. Employees can create and securely save complex, unique passwords for each system, account, or service. Companies can create password policies to ensure passwords are not reused and minimize the risk of employees using weak or compromised passwords.
Password managers for finance companies help maintain the adequate internal control structures required by SOX and comply with the SEC’s guidance showing “adequacy of preventive actions taken to reduce cybersecurity risks.” The SEC has previously warned it will take a dim view of companies that cannot complete regulatory filings due to an avoidable cyberattack.
Implementing a password manager also helps finance companies comply with the security requirements of state privacy laws such as the California Consumer Privacy Act (CCPA), which protects consumers’ privacy rights for California residents. Furthermore, several states are introducing incentives for private companies to adopt cybersecurity standards based on National Institute of Standards and Technology (NIST) best practices – which include guidelines for protecting account credentials.
Password managers for finance companies should have certain capabilities to help comply with industry and state regulations. These include:
- A Zero Knowledge Encryption Model: Password managers with a zero knowledge encryption model encrypt all vault data without exception. Password managers without this capability can leave some vault data (i.e., unencrypted URLs) visible to the vendor and other third parties.
- Cross-Platform Compatibility: Password managers should have cross-platform compatibility across a wide range of browsers, mobile, and desktop applications and support two-factor authentication options so credentials stay secure regardless of the device used.
- The Option to Self-Host: Choosing a password manager that offers finance companies the option to self-host in a private cloud or on-premises provides complete data control and supports compliance with industry and state regulations requiring knowledge of data location.
- Enterprise Logging Capabilities: Logging capabilities enable companies to understand user behaviors better and provide the audit trails necessary for forensic analysis. Some password managers also integrate with SIEM solutions. Audit logs monitor who creates, changes, and shares passwords to increase employee accountability for security. To minimize the likelihood of successful phishing attacks, the password manager should retain official site URLs to help raise a flag when a user is on an imposter site.
- Encrypted File Transmission: Certain password managers facilitate encrypted document transmission over the Internet. This is ideal for finance companies – especially those with a remote or distributed workforce – as files are encrypted on creation and can only be decrypted by the recipient.
- Password Policies: Most password managers have random password generators that can create strong password combinations, but not all systems allow companies to apply policies stipulating passwords must be at least a certain number of characters in length and include a combination of letters, numbers, and special characters. Policies can also empower employees to practice good password hygiene and avoid less secure shortcuts.
When evaluating password managers for finance companies, consider open-source solutions that have been independently audited. Open-source solutions are continuously tested by a global community that examines the source code, understands its operation, and identifies potential vulnerabilities. Independent audits further ensure solutions operate as intended.
A password manager such as Bitwarden has the recommended capabilities of password managers for finance companies. Try Bitwarden yourself with a 7-day Enterprise free trial today.