With a breach occurring seemingly every week, businesses and individuals are more pressed than ever to secure online information. Recent research has found that weak passwords cause 80 percent of data breaches, and it’s not hard to understand why.
In LastPass’ 3rd annual Global Password Security Report, we found that employees at large businesses (1,000 – 10,000 employees) have to remember, on average, 25 different passwords, while employees at small businesses need to remember a staggering 85 passwords on average. What’s worse is that employees reuse the same password an average of 13 times. It’s clear that employees at businesses of all sizes still have far too many passwords to remember on their own, and each one of those weak or shared passwords presents a risk to the company, whether through a data breach, loss of company data or both.
For IT teams trying to manage the problem, the numbers aren’t much better. On average, IT teams spend four hours per week on password management-related issues alone and receive 96 password-related requests per month.
This National Cybersecurity Awareness Month, we need to examine the best ways for businesses to balance employee user experience with the security needed to protect company data. How can IT protect the business from cyberattacks while facilitating an environment in which employees can quickly get access to the resources they need and do their best work? While there is always likely to be tension here, there are a number of ways you can simplify security for employees. These include:
Make it easy. Allow employees to log in to the applications they need by integrating everything you can with single sign-on (SSO). SSO allows users to access multiple services with a single login. This reduces the number of passwords within the organization, improves employee productivity by reducing logins and password resets, and increases security overall. SSO can leave gaps, as not all applications are SSO capable. Therefore, SSO should be combined with enterprise password management so that IT can properly manage every user’s identity, gain greater visibility into what users are accessing across the organization and enforce stronger control over that access.
Make sharing secure. Password sharing happens in the workplace; there’s no denying that. Instead of restricting these sharing behaviors, give employees a secure way to facilitate it. A password manager allows employees to share login credentials with approved colleagues and teams while adhering to the company’s password sharing guidelines.
Give them flexibility. Authentication solutions all have pros and cons, and each business will need to figure out what is an acceptable level of risk for their organization and balance added security with convenience before making a choice. That said, multi-factor authentication (MFA) combines something you know (your password) with something else unique to each individual, such as their phone number, fingerprint or even a location, in order to log in to a system. Employees can easily and securely access company resources with different MFA options like text, email, phone call or even biometrics.
Don’t rely on employees to update software. Employees often ignore or delay important software updates. Organizations can remove this burden by using a centralized remote management system that automatically pushes and implements updates. This removes friction for the employee while ensuring security measures are always up to date.
Train employees on why online security is important. NCSA provides a number of resources to help businesses stay secure, as well as training tools on how to educate employees. Make sure you explain clearly and simply the different security risks your company could be exposed to and provide tips and tricks on how to address the most common employee cybersecurity fails.
Don’t let poor password habits put your organization’s data at risk. National Cybersecurity Awareness Month is the perfect time to double down on online security. Implementing these tips can help streamline login processes, increase employee awareness and boost the overall security of your organization.