03-24 - Mini-Guide - Password Playbook For Small Businesses


Password Playbook for Small Businesses

How to create, manage, and share passwords easily and securely

Table of contents

1 Threats and vulnerabilities
2 Productivity challenges
3 Real-world examples
4 Checklist: common accounts
5 Getting started with a password manager
6 Next steps

As your business grows, so do you and your team’s responsibilities. One important area that will continue to demand your attention? Protecting your company and data from cybersecurity threats.

Data breaches and leaks are now a concern for all companies, regardless of size. But small businesses have the added challenge of limited staff and resources that can be dedicated to cybersecurity tasks—and you’re already wearing more than enough hats.

The good news? A password manager helps you safeguard sensitive information and protect your business—and brand reputation—while boosting employee productivity.

In this playbook, we show you how small-business leaders can manage passwords to secure company and employee accounts and protect sensitive data—all while improving productivity.

1 | Threats and vulnerabilities

Small businesses are embracing the opportunities that modern technology like the cloud gives them—but they’re also starting to realize this technology creates security risks.

In response to the pandemic, 72% of surveyed small businesses (with 50–499 employees) across the world said they have accelerated their digital transformation projects.[1] Such rapid adoption of technology has left many small businesses vulnerable to cybersecurity threats. Common threats include:

- Compromised passwords: Nearly a third of cybersecurity incidents at small businesses resulted in data breaches in 2020, and login credentials became compromised in 44% of the confirmed breaches.[2]
- Social engineering and phishing-related attacks: Social engineering remains the top culprit behind data breaches for businesses of all sizes, and phishing is the top type of action involved.
- Ransomware: Nearly 80% of managed security providers (MSPs) surveyed in 2020 reported that their small- and medium-business customers experienced a ransomware attack in the last two years, and 92% predicted that these attacks will get worse.[3]

You work hard to grow your business and serve your customers. You can’t afford a data breach, which could result not only in devastating financial costs but also in loss of customers and business opportunities. To protect your growing company, you need the tools to secure your data access and accounts.

Costs of cybersecurity incidents to small businesses

Median costs of incidents and breaches to small businesses in 2020:*

No. of employees    Cost
1–9                 $7,000
10–49               $17,000
50–249              $50,000
250–000             $133,000

*Based on data from eight countries
Source: Hiscox, “Hiscox Cyber Readiness Report,” 2020

[1] IDC/Cisco, “2020 Small Business Digital Transformation,” 2020
[2] Verizon, “2021 Data Breach Investigations Report,” May 2021
[3] Datto, “Datto’s Global State of the Channel Ransomware Report,” 2020

How vulnerable are small businesses?

Cybersecurity is the top challenge when it comes to implementing technology solutions for small and medium companies.[1] Despite security concerns, however, many small businesses are not taking the right steps to protect themselves.

Among companies with 50 or fewer employees, for example, 43% of business leaders don’t have a cybersecurity defense plan.[2] And while 65% manage their cybersecurity in-house, fewer than 10% of those businesses have an employee dedicated to IT. Cybercriminals know that small businesses don’t have the staff and resources to devote to cybersecurity—and that’s why they see small businesses as easy targets for attacks.

Unfortunately, your business becomes more vulnerable as you adopt more digital tools and apps. When your employees are accessing a variety of accounts from anywhere or reusing their passwords, they’re creating a bigger attack surface for threat actors.

That’s why a tool like a password manager is more important than ever, helping you address the growing risks of your digital business.

Food for thought

83% of consumers prefer to do business with companies that prioritize their data protection.
Source: Shred-it, “Data Protection Report 2020,” October 2020

[1] SMB Group, “SMB Digital Transformation Trends,” June 202
[2] BullGuard, “New Study Reveals One In Three SMBs Use Free Consumer Cybersecurity And One In Five Use No Endpoint Security At All,” February 2020

2 | Productivity challenges

Storing passwords outside of a password manager is not only risky but can be incredibly ineffective, both for admins and employees. Many admins resort to things like spreadsheets to keep track of logins. But the manual process of managing even a small team’s credentials quickly becomes cumbersome and time-consuming.

In the typical small business, IT duties like managing passwords often fall to the owner, general manager, webmaster, or some other employee who has various other day-to-day responsibilities. And if there’s an IT admin, that employee is already stretched thin, wearing many hats from help desk and network management to email administration and cybersecurity. Employee password resets and other password management tasks place an unnecessary burden on whoever fulfills the admin role.

Consider some of the tasks involved for admins:

- Onboarding and offboarding team members
- Tracking down passwords for shared accounts
- Resetting passwords manually when someone forgets their login
- Getting the 2FA code if someone is OOO
- Recovering 2FA rights for an account managed by a former employee

When you add in multiple accounts and cloud-based services for each employee, the time spent on these tasks quickly adds up. In an expanding business that continues to adopt new digital tools, manual practices for managing account access become simply unsustainable.

For individual employees, keeping track of passwords can also be frustrating, as can the time spent typing in credentials whenever they need to access a cloud service. That’s why many resort to shortcuts like storing passwords in web browsers, compromising the security of your accounts and data.

Are passwords impacting your productivity? You’re not alone.

In a 2021 survey of 1,000 employees, Dashlane found that:

- 35% of respondents feel overwhelmed by keeping track of all their account information and logins
- 18% feel they’re wasting a lot of time trying to get into online accounts
- 49% create their own tricks and shortcuts for managing logins
- 69% retrieve or reset their passwords at least monthly

Source: Dashlane, “The Future of Security in the Hybrid Workforce,” 2021

3 | Real-world examples

Data breaches that make the biggest headlines often involve large companies or massive numbers of impacted
consumers. But small businesses suffer cyberattacks and data breaches just as regularly as big enterprises. Although
those incidents often fly under the public radar, there are still plenty of examples of how small businesses get hit.

And, of course, there’s no shortage of headlines about cyberattacks and data leaks involving cloud services and apps that
small businesses use. When these providers experience a data breach, their user account credentials are typically sold or
leaked on the dark web. Cybercriminals count on the fact that many of those users recycle their logins for other websites
and services, and the attackers use these compromised credentials to gain access to other systems and services.

These three incidents illustrate some of the password-related risks and implications for small businesses.

Imperium Health phishing attack

Imperium Health Management, a small Kentucky company that provides development services to Accountable Care Organizations (ACO), experienced a data breach in September 2020 that affected nearly 140,000 individuals. The incident began with employees clicking on phishing emails, which included links to websites that harvested their email login credentials. The compromised email accounts contained customers’ personally identifiable information (PII) and protected health information (PHI).[1]

Listen in to this conversation and Q&A with white hat hacker Rachel Tobac on demystifying the fundamentals of cybersecurity for you and your business.

[1] HIPAA Journal, “PHI of Almost 140,000 Individuals Potentially Compromised in Imperium Health Phishing Attack,” September 2020

The stolen A-list celebrity data

Grubman Shire Meiselas & Sacks, a small but prominent legal firm for the entertainment industry, came into the spotlight in 2020 after cyberattackers stole 756 gigabytes of PII and other sensitive data on the law firm’s high-profile clients (which include Hollywood A-listers, top athletes, and famous performers). The cybercriminals initially requested a $21 million ransom but doubled it when the company didn’t cooperate. They also leaked a 2.4-gigabyte folder containing Lady Gaga’s legal documents.[1]

The cybercriminals used REvil ransomware, which is commonly deployed in so-called double-extortion schemes that both demand payment to restore access and threaten to publish sensitive data for nonpayment. REvil often uses a phishing email or compromised credentials for Remote Desktop Protocol (RDP) as the initial attack vector.[2]

The Facebook data breach

A couple of years ago, Facebook had a massive breach that exposed some 600 million passwords (stored in plain text for more than seven years!).[3] Surveys show that 63% of people reuse passwords.[4] So chances are high that some of your employees reuse their personal login credentials for corporate accounts. By doing so, they’re making a cybercriminal’s job ridiculously easy.

And keep in mind this was not the first time Facebook has had a security incident, and the problem is not unique to Facebook. Other popular services that had user credentials compromised include LinkedIn, YouTube, TikTok, Zoom, and Dropbox, among others. Do you know how many of those compromised passwords are still circulating in your company, granting access to a lot more than just cloud apps and online services?

Want to learn more about steps you and your team can take to prevent data breaches and hacks? Download “A Business Guide to Data Breaches and Hacks.”

[1] Threatpost, “REvil Ransomware Attack Hits A-List Celeb Law Firm,” May 2020
[2] CSO, “REvil ransomware explained: A widespread extortion operation,” November 2020
[3] Forbes, “Facebook's Password Breach Suggests The Public Sees Cybersecurity As Obsolete,” March 2019
[4] Visual Objects, Worker cybersecurity survey, November 2020

4 | Checklist: common accounts

Now that you understand the risks that small businesses face, let’s get started securing important accounts (and protecting your customer data).

First, take a look at the accounts your team needs. The more accounts, the higher your security risk if you’re not using password management best practices. Shared logins, reused credentials, failure to change passwords regularly, and the lack of 2FA are among the factors that increase your security risks.

Here are some common accounts used by small businesses:

- MailChimp
- Zoom
- Microsoft 365
- Facebook
- Instagram
- Asana
- Monday.com
- HubSpot
- Salesforce
- Slack
- FreshBooks
- Xero
- Gmail
- Calendly
- Dropbox
- Google Suite

Use the checklist below as a starting point to understand your logins ecosystem.

Account | Owner? | Is this login shared? | How is it shared? | Is 2FA set up? | Is this password used for other accounts?
HubSpot | Otto Loggins | Yes | Spreadsheet | No | Yes

Now that you have an understanding of your most important accounts (and how those are being shared), head to the next section for how to secure them.

5 | Getting started with a password manager

You pack a lot of tasks into your daily schedule. Your priority is on running and growing your business, not on figuring out how to use new apps. You need tools that are simple and convenient and don’t hinder your ability to collaborate and communicate with employees and customers—whether you’re on site, at your home office, or on the go.

Dashlane makes password management easy by:

- Filling in all your passwords across the web, on any device
- Saving logins as employees browse the internet
- Autofilling usernames, passwords, and 2FA codes on every account
- Enabling secure sharing of passwords and 2FA codes (e.g., for shared social accounts or for onboarding purposes)

And you can rest assured that your data is always secure. We use the strongest encryption available and zero-knowledge security architecture, so the info stored in each account is only accessible to the individual user. Plus, two-factor authentication is built right in.

Haven’t started using Dashlane yet? Sign up for a free trial today.

Here’s how to get started.

Onboarding (and offboarding) made easy

Complicated rollout and onboarding processes can hinder adoption of tools like password managers, especially for a growing business. As your security practices mature and you adopt new tools like single sign-on (SSO), Dashlane helps admins simplify onboarding. In addition to support for SSO, we offer video tutorials, guides, and templates to help you with successful adoption and onboarding.

Set up groups

The Group Sharing feature allows Dashlane users to easily and efficiently share passwords and Secure Notes, making onboarding easy and secure. Admins can create groups based on departments or company needs in the Admin Console. Once created, both admins and individual users can share information with these groups via the app. With Dashlane, say hello to secure sharing and goodbye to Slacking or emailing passwords.

Want to see how easy it is to get started? Check out our onboarding video series.

6 | Next steps

Now that you’ve got the basics down, let’s talk about what’s
next and some of Dashlane’s more advanced features.

Set up Dark Web Monitoring

Dashlane monitors the dark web for compromised credentials. When Dashlane finds an employee’s username and password on the dark web, those credentials are immediately flagged in the app. The app prompts the employee to change the password—and provides a password generator for creating a strong, random password. Employees can add up to five email addresses to be monitored.

Monitor and measure

Every user gets a Password Health Score that shows a breakdown of weak, reused, or compromised passwords. In the Admin Console, you’ll be able to access your reporting dashboard. The dashboard’s centralized view gives you unprecedented visibility into your company’s password security and the ability to track improvements over time. There, you’ll receive actionable insights on your employees’ Password Health Scores and be able to help at-risk employees update their weak, reused, or compromised passwords. As more employees update their passwords, you can track score improvement over time.

Build a culture of security

Keeping your company data and reputation protected is not simply about the tools and processes you use—it starts with your employees. Dashlane enables admins to make employees part of the security conversation and educate them about their active role in protecting your organization.

With Dashlane, admins can:

- Track the overall company Password Health over time
- Benchmark security scores and measure progress
- Identify risky employees and engage them in discussions about safe password practices

With these tools and tactics at your disposal, you can make your employees more secure—and productive—in no time.

See how Dashlane can help your small business. Reach out or start a trial today.

You and your team are instrumental to protecting your business and maintaining customer trust and brand reputation. But you’re experts in your products and services, not in cybersecurity. Ensure you and your employees can focus on keeping customers happy—instead of worrying about having your credentials compromised.
