There is no denying the extent to which the COVID-19 pandemic changed the world’s landscape. While the global crisis is coming to a close, there seems to be no going back to the previous status quo. The pandemic has ushered in a new normal, and it is here to stay. Without a doubt, this new normal is most felt in the workplace, with most companies transitioning to a remote work setup.
To adapt to health restrictions last year, plenty of businesses provided a means for their employees to work from home. It has been more than a year since this transition, and yet, arguably, the workforce has yet to adopt a more rigorous approach to remote work cybersecurity. In fact, a recent report by tech company Yubico on-at-home corporate cybersecurity proved remote work concerns to be true especially involving password reuse. This article explores Yubico’s findings as well as the best password practices to implement in your operation.
The Risk of Password Reuse in the Workplace
Over the last year, the option to work remotely became a more popular option in various industries across the globe. Despite the surge, employees working from home have yet to shift their behaviors with cybersecurity in mind.
According to a recent Yubico study, 54% of employees implement password reuse for their multiple work accounts. More than the rank-and-file, the most common culprits for this cybersecurity faux pax belong to upper management and the C-levels. Aside from the 54% who reuse passwords, 22% keep track of their log-in credentials by writing them down, and less than a quarter implement 2-Factor Authentication protocols.
“The research shows that many organizations are still finding their feet in these new, mostly virtual, work environments, and while this flexibility can deliver new opportunities for businesses and employees, they shouldn’t ignore the growing cybersecurity risks that come with it. Threat actors are finding new and innovative ways to breach corporate defenses which require modern security solutions.”
Stina Ehrensvärd, CEO, Yubico
While the statistics surrounding password reuse might seem innocuous, this practice renders the passwords useless. When a person reuses passwords for multiple accounts, it provides a means for malicious entities to gain access to a slew of sensitive information across different platforms. This concern is doubly true for corporate accounts.
Best Corporate Practices Involving Password Reuse and Cybersecurity
Password reuse is a common problem in most companies today. While common, it is crucial to address password concerns within a corporation, especially with digital assets on the line. Thankfully, there are various things that you could implement in your operation that can safeguard the credibility of your company against the most common corporate cybersecurity risks:
Create a Company-Wide Password Policy
A password policy is a list of guidelines that motivate users to create strong passwords to protect a company’s digital assets. As with most policies, not all password guidelines are created equal. A strong policy is often part of an organization’s official handbook and is rolled out during cybersecurity training. The steps within the procedure must be clear and actionable. It should list down the responsibilities of the users as well as protocols in instances of a breach.
Be Clear about Password Requirements
One of the most common reasons employees forgo strong passwords is their confusion over the password policy. As discussed earlier, the policy must be clear on password requirements. Instructions should be actionable and clear-cut. Various companies have different requirements as to the password that they deem sufficient. Aside from discouraging password reuse, below are a few guidelines that you could implement for your operation:
- Avoid Using Dictionary Words
As the name suggests, dictionary words are words and phrases that are in the vernacular. It is best to discourage employees from using these words since most sophisticated hackers have programs that go through thousands of dictionary words to crack a password.
- Use a Different Password For Every Application
Using a different password for every application is crucial in keeping sensitive information safe from malicious entities- in other words, as much as you can, don’t let your employees implement password reuse. This ensures that if an account is compromised, the other applications are still safe from the attack.
- Test the Strength of Passwords
Various applications test the strength of the input password. Most of the time, these applications come with suggestions making it less challenging for employees to create stronger passwords.
Implement Two-Factor Authentication
A Two-Factor Authentication protocol adds an extra layer of security before gaining access to an account. It works by requiring additional information from the user beyond just the username or password. Two-factor authentication can come in many forms. Some programs ask a security question, while others require authentication through email or via phone. This extra layer of protection is an essential supplement to a strong password policy.
Educate Employees on the Value of a Strong Password
Your employees can be your company’s biggest cybersecurity champions or your operation’s worst cybersecurity threat. After all, they are the people in the trenches day after day. Nevertheless, it is all a matter of educating them on the importance of cybersecurity and the proper use of passwords. Ideally, training should be done during onboarding. Password policies should be part of the handbook. A yearly refresher on the company’s password requirements should be sufficient.
The world is a different place after 2020. As a business owner, it is your responsibility to shift with the times. The new technology available today has made running a business easier; however, it is vital to recognize and prepare for its drawbacks. As far as cybersecurity is concerned, a password is your organization’s first line of defense against malicious attacks. Ensuring that all your employees know their role in preventing successful cyber threats through your password policy is crucial.
Beyond password protection, there are several security measures that you can implement to protect your digital assets. At SecureBrain, we offer a slew of real-time cybersecurity solutions that keep you up-to-date on your network’s current status. Our products are an excellent second layer of defense against a slew of cybersecurity threats. Reach us today to learn more about our services.