It’s time to get serious about password protection
It’s becoming common knowledge that one of the biggest cyber security risks your organisation faces is your own people. Regardless of how comprehensive our virus protection, firewalls and user monitoring systems are, we only need one careless employee to inadvertently give up one password, and we could suffer a potentially crippling data breach. In fact, Verizon’s 2018 Data Breach Investigations Report revealed that 81% of breaches are caused by weak, reused, or compromised passwords.
And it doesn’t appear that our ongoing education efforts to promote vigilant password security among our employees are having any effect. Research from LastPass has highlighted some very worrying behaviours, with only 55% of survey respondents saying they would update their password if their account had been hacked, and almost 50% of people reporting they don’t create different passwords for personal and work accounts.
Making matters worse is the proliferation of shadow IT – the software and applications our employees introduce to our environment without permission. While we might have secure passwords for every user in core systems such as our CRM or ERP, the fast-growing number of cloud applications means we don’t have visibility over every password within our network. According to a survey by Ovum, 78% of IT executives say they don’t have complete control over the cloud applications their employees use.
So, if we can’t trust our people to do the right thing by updating or securing their passwords, what are our options?
Password management policies
If employees aren’t going to update their passwords by choice, a password policy can be introduced that automatically requires them to update their password at regular intervals, such as once a month or every quarter. If they don’t change their password, or the new password they’ve selected is deemed weak, they will be locked out of the system.
Of course, one of the reasons that people tend to not change their password, or use the same passwords across multiple accounts, is because they struggle to remember them. But when the inevitable memory lapse happens, this can create more work for your security teams as they attempt to manually unlock accounts and reset passwords for users – which is why we need to go one step further.
Enterprise password management software
Password protection is an essential layer of any digital security strategy, and enterprise password management software is a vital pillar of this security layer. Because we know that employees will inevitably forget passwords, we want to stop them from writing them on notepads or storing them in spreadsheets.
Running discreetly in the background, password management software sends the user a prompt when a new account is created or is being used for the first time. This prompt asks the user to save the password, which is then logged in a vault where, once entered, all data is encrypted and stored. This process can also be extended to include passwords entered into any unsanctioned software and applications that a user installs on their device.
Selecting the ideal password management solution depends on a variety of factors such as the number of users and devices within your organisation, and the risk value of data each user has access to. Counterparts can assess your business’ risks and identify the password management tool that best fits your situation from a range of vendors. We can help you eliminate one of the biggest security risks in your business, while also ensuring you aren’t overpaying for software and solutions that may not meet your needs.