SMBs & the Cloud: The Truth Behind Password Security


Are you part of the password problem? The nearly 50% of people that keep all their passwords in a spreadsheet or the 27% that write them on paper (what’s that)? Forget the third of people that rely on memory; they’re probably using the same password for everything.

Good password management isn’t easy and consumer habits revealed in recent research from Enterprise Strategy Group confirm that. The more unsettling part is how unprepared individuals and small businesses are to deal with the consequences. About 60% of small businesses have no policies in place to address the rise of cloud apps in the workplace, and only 44% require employees to change their password every three months.

You can read the complete report, Password Management in an Increasingly Cloudy World, or check out some highlights and tips for SMBs in the infographic below.

SMBs & the Cloud: The Rise of Cloud Apps


Another day, another new login. It feels like we’re adding new apps and websites to our repertoire every day. A social media tool here, an analytics site there. A recent research report by Enterprise Strategy Group found that individuals use more than 25 apps each month. Can you remember that many usernames and passwords? If you can, it’s probably because you’re using the same password for all your accounts.

The rising number of cloud apps and web services we use on a daily basis is becoming a bigger challenge not only for individuals but also for small businesses. Today’s professionals want to be productive from anywhere and to do so, they bring apps from their personal life into the workplace for a seamless transition from work to home and back again. This presents a challenge for small businesses, of which 60% have no full-time IT staff to manage the blurred lines between business and personal accounts.

You can read the complete report, Password Management in an Increasingly Cloudy World, or check out some highlights in the infographic below.

Nervous about the growing password problem for employees and small businesses? We are too. Stay tuned for Part 2 of SMBs & the Cloud: The Truth Behind Password Security, coming soon!

The Web Setup: Wave Apps


In this installment of the Web Setup, we spoke with Brian Masson, Information Security Officer at Wave Apps. Wave provides awesome cloud-based integrated software and tools for small businesses including invoicing, accounting, payroll, and more. Here’s a look into their setup and how they are scaling their business, and keeping their data secure, as technology continues to evolve.

What kind of office setup do you have?

We are a very open office, with a BYOD setup; everyone has their own laptops. We have a few remote workers, but no remote offices. Our Director of Operations Engineering, lives in Panama, and our VP of Payments lives in British Columbia. With BYOD it’s really easy, and we also do a lot of working from home.

Before we had the formal protocols we have now, each person kept passwords in their own way; in some cases, that could even mean Post-Its and notebooks. That soon grew into password-protected shared documents, but keeping that safe and up to date was a no-go.

We looked at many different options and Meldium just seemed to really align with what we were looking for in functionality. Now we have over 150 apps in Meldium across many departments – Sales, Marketing, Customer Support, Product Development, Design, and we use it to login to mail providers, support tools, and much more.

How do you onboard new employees?

When someone starts, we have a change ticket. Our technical administrator goes into Meldium and clicks a button. We make sure they are in the right group, and they automatically have access to all of the things they need to get started. Plus, we make heavy use of Google Apps for Business we love that Meldium supports a forced Google login. Once we've created a new employee’s Gmail account, they are in. It really helps us smooth out the onboarding process so instead of spending a day setting up accounts and recording passwords, we spend that time introducing our culture, our tools, and the team.

How do you choose new applications or tools?

Our process for choosing new technology is constantly evolving. As a company where everyone is so passionate about technology, somebody will always find the latest, hottest, whatever – and we generally do a proof of concept to see if teams will buy into the new tool.

We make use of so many different technologies, some of which may have access to sensitive data, so we first make sure their privacy policy and T&Cs are as good as ours or better. Meldium allows for secure sharing once we have vetted an app for company-wide use. For apps where we are not sharing sensitive info, we allow people to use what they want, but we can still control and monitor within Meldium.

What are some of the pain points of a growing number of tools?

There was a period where we were quite siloed and it was difficult to get a clear picture on who was using what applications, who had the credentials, who owned them, etc. We’d have scenarios where employees would spend half a day trying to find who owned the account, to reset the credentials. It was a nightmare. With Meldium, we have a single portal where we can see who owns it, and we don’t even need the credentials so it reduces response time.

How do you stay ahead from a security perspective?

It's very important to trust the people you work with, but trust isn't a valid security control. The idea of least privilege is important - it protects helps protect everyone from both malicious actions and mistakes.

I don’t want to wake up in the morning and see that Wave’s Twitter account was taken over. We know some passwords could be brute forced, so we look for single sign-on integrations and integrations with multi-factor authentication – those are critical.

Even though you don’t have remote offices, how do you manage remote work?

Identity and access management is the most critical thing to working remotely. If I need to reset a password, I can’t just walk over and ensure a person is who they say they are.

We use Jira and HipChat heavily for communication, and Meldium is our portal to share access securely. Together they facilitate remote working for us. Meldium requires that our users are able to access their primary account, and allows us to grant/revoke access to services without ever sharing actual credentials.

Anything else?

For me, I’ve been with Wave since we were at 10 employees; we’re constantly evaluating new technology and strategy to stay ahead. At Wave, we value the trust of our customers and are committed to privacy and security. Passwords are one small, but important, piece in the security puzzle but for growing businesses looking to scale, continuing to stay on the forefront of identity and access management is critical.

Brian Masson, Information Security Officer, Wave Apps: Brian formerly lead the QA team at Wave and now leads the Information Security team. To keep his technical skills sharp, he also helps with Wave’s our OpsEng/DevOps team. Motorcycles, wine (making AND drinking), books and cooking fill his spare time.

For more information on Wave Apps, visit their site.  Not a Meldium user yet? Don't waste any time - get your team started today

New! Password Report for your Organization


We're pleased to announce our newest feature: a Password Report for all of the accounts in your organizations. As an administrator, you can now monitor all your passwords and ensure your team has strong, unique passwords for every website and service.

Organization Password Report 

Meldium periodically analyzes the passwords in your organization and generates a report ranking the passwords that you should update. We provide a quick workflow for generating and updating each password right from the report.

  • Create an instant report that helps identify at risk passwords
  • Rank your passwords based on age, strength, and how often they are re-used 
  • Generate new, strong passwords in a few simple clicks

Click here to discover whether your organization's passwords are at risk. Still managing passwords in excel or sharing with your team over e-mail? Don't waste any time, get your team started today