This week’s NCSAM theme, “It’s Everyone’s Job to Ensure Online Safety at Work,” is a critical one and provides the perfect opportunity to talk about the intersection of personal and business security habits. From the way we communicate to the way we collaborate and even to the way we store data, we’re more digitally connected at work than ever before.
Whether your company stores data in the cloud, permits the use of social media on its networks or promotes BYOD (Bring Your Own Device) policies, our online personal and business habits are merging.
Being more digitally connected means having more online accounts to log into and more passwords to remember. Some employees manage as many as 191 passwords at work! It’s no secret that weak passwords are a leading security threat, and bad password habits are far too common. Our recent Psychology of Passwords report, which surveyed 2,000 adults, ages 25 to 60, who have at least one online account, found that nearly 50 percent of people use the same passwords for personal and work accounts. Another report, which analyzed 43,000 organizations using LastPass as their business password manager, found that, on average, any given employee now shares about six passwords with coworkers.
Clearly, mixing weak personal and work online practices can create a dangerous cocktail, but who’s responsible for changing those habits? While the responsibility for keeping a business secure typically falls on the shoulders of IT administrators and other designated security professionals, when it comes to basic practices like having strong passwords, it truly is a shared responsibility. We can’t rely on IT to track everyone’s security habits, particularly in large organizations.
We as employees are the first line of defense when it comes to our organization’s security and have a responsibility to do our part in keeping our company safe, such as spotting and reporting a phishing attempt to the IT team or using strong and unique passwords at work.
Here are a few easy steps you can take to protect the information of your company, your colleagues and clients and, of course, yourself:
Translate your security-conscious views into action
When it comes to basic security practices, awareness is not always the issue – it’s action. For example, our research found that 91 percent of people recognize that using the same or similar passwords for multiple logins is a security risk, but 58 percent still mostly or always use the same password. Additionally, whether we want to admit it or not, people are still writing passwords on sticky notes and logging on to public Wi-Fi – all things that are not secure online habits. There’s no time like the present to put into action the steps you know will keep you and your company most secure.
Create unique passwords for all of your accounts
Every password-protected account is an entry point to your company’s private data. As mentioned above, far too many people use the same passwords for work and personal accounts. It’s critical that passwords are complex and unique for each of your accounts. Otherwise, you’re just low-hanging fruit for hackers. Gaining access to your credentials because you’ve reused the same password everywhere provides hackers with an entry point to attack not only your accounts but also your company. We understand how strong the fear of forgetting a password is – but a simple tool like a password manager can help, both in generating strong, unique passwords for each of your accounts and safely storing them in a secure vault.
Be wary of emails
Always pay attention to the emails you receive and the email addresses they come from, even if a message looks like it’s come from a person or company you know. If you are sent an attachment that seems strange or there’s a link you weren’t expecting, don’t open or click on it. It’s best to reach out to the sender directly and confirm he/she meant to share those files. If you suspect a phishing attempt, report it to your IT department so they can address the potential threat as soon as possible. Also, never let personal credentials like passwords sit in your inbox, even if they’re in a draft.
Sharing is not always caring
It’s inevitable that people share passwords with others at work and do so in a way that’s unsafe and inefficient. Even if your company has one account for an analytics service or news site subscription, everyone should create their own password. If there is an extenuating circumstance requiring the one-time sharing of a password, do it through an encrypted service like a password manager and change your password after the person has accessed what they need.
As our offices become more digitally connected and technologically sophisticated, so, too, do cybercriminals. Improving our online security, both at home and in the workplace, doesn’t have to be a daunting task. Take it one step at a time, starting with what you use the most – passwords!
Sandor Palfy, Chief Technology Officer, LastPass
LastPass is an award-winning password manager helping millions organize and protect their online lives, at home and at work. For businesses of all sizes, LastPass provides secure password storage and centralized admin oversight to reduce the risk of data breaches and remove password obstacles for employees. With customizable policies, secure password sharing, and comprehensive user management, LastPass gives IT the tools to strengthen password hygiene across the organization. For more information, visit https://lastpass.com.