Password Security in an Online World
A SafeBox is the Answer
Keepass, Excel and an overwhelming majority of encrypted storage systems are designed for single users - you get an encrypted file with a key to open the entire file. If you want to share information within your organisation for example and you give the file and key to everyone, then everyone has everything. You do not know where they keep the file or what do they do with the key. You do not know whether or not they have given the file and key to someone else.
While there are some other programs that can generate an encrypted file on demand - each person then may have access only to some information - this, however, is the only slight security improvement. Everything that is written above still applies. Furthermore, there may be one or more Administrators, who have access everywhere and to all the information.
Let’s consider an example - if an accountable user saves bank account access information surely they don't want an Administrator whom they don't know to have access to it. On the other hand, the organization does not want such data to go without back-up or to be on a cell phone that can get lost. Or worse still, written on a piece of paper at someone’s desk.
There are other horror stories - an employee with an "everything" file may be leaving and not on good terms. What then? If this person only saw say 100 of the total 5000 security records then with some moderate effort we could change all of the information in the 100 records - provided we knew what they had seen and hadn’t seen. But what if there were no way of knowing what they had seen and so all 5000 records (and systems, accounts etc.) had to be changed. This is an entirely different level of difficulty, both time-consuming and financially demanding.
Whenever you need to share sensitive information with a customer, a partner, legal representation or an external, you are always facing the question - how can we do this safely and surely? An encrypted file with good quality is relatively safe, but how do you share the key? Questions like these can not be ignored with current and increasingly more stringent privacy and security legislation, as well as the obvious potential business and financial and reputational risks.
If you provide any services to customers - whether you are a small business, company, agency, public/government office, health organizations, schools, etc - it is essential that you have appropriate systems that enable you to ensure all required precautions have been adopted to fulfill legal requirements regarding privacy and security. And you will want to be able to demonstrate if needed that this has been done within a fully robust manner that limits all risks to the greatest extent possible.
So how do you protect sensitive organizational data from access by any unauthorized person inside or outside of your organization - including from your IT Administrators?
How do you protect names, passwords, keys, certificates? How do you ensure that the same password is not used everywhere, compromising you IT network and computer local Administrator accounts, not mentioning WiFi, switch, router, firewall, and other devices?
To address the above needs and more, Niyshah Pty Ltd offers the excellent and conceptually unique multiuser product SecureAnyBox(TM). SecureAnyBox provides complete security control at a user by user level - giving you full protection for all accounts necessary to access servers, workstations, PCs and other IT equipment, as well as website, financial information, and passwords. It even allows you to store secure copies of important documents.
All information is retained in a fully secure encrypted storage, which can be used for work related data sharing, personal information or information that you do not share with anyone. Selected information can even be configured so that it is only accessible in specific circumstances to at least 2 separate users. This total solution to your security needs caters for all situations and risks identified above, and much more.