The Password Security Divide Between IT And Employees
When it comes to password management, APAC organizations are potentially leaving a wide gap open for breaches. Many organizational IT policies rely heavily on outdated practices, putting the onus on employees to manually manage their own passwords.
In fact, recent research by LastPass and Ovum found that most IT executives depend on employee education alone to safeguard password security. Even with the best of intentions, IT executives are always going to be challenged by this approach. A separate report by Verizon, the 2017 Data Breach Investigations Report, found that more than 80% of hacking-related breaches involve weak or stolen passwords.
This link to passwords can be traced to three factors: the use of cloud applications is continually rising; IT executives are losing control over the applications in the business; and employees are reverting to very poor password habits to cope with the cumbersome process of password management.
With the rise of technology and flexible work policies, employees feel more empowered than ever to manage their day-to-day work, and IT is supporting this. While this is great from a collaboration and productivity standpoint, it is a struggle to keep track of all the applications and login credentials in the business. Most employees do believe that a strong password is essential, and that password security is very important. But the average employee also has 191 passwords to manage, and asking them to secure every account with a long, strong, unique and memorable password is asking the impossible. This is especially a concern when you consider the large volumes of private data (like personally identifiable information, known as PII) going into the cloud (including public cloud services).
If data breaches occur because of poor password hygiene and because organizations rely on ill-equipped employees, then there is an obvious gap in how security is managed in businesses today. The same research from LastPass and Ovum found that a large number of employees were displaying poor password hygiene, with behavior that included using social media credentials to access business systems, reusing the same passwords across multiple accounts and sharing passwords with peers and external parties. Some employees have also been known to write passwords down on paper, or on post-it notes stuck to their computer. Relying on employees alone creates a weak link in data security.
The reality is that while security is a major concern for businesses, allowing employees to be the drivers behind this is not ideal. The irony here is that security does not need to be difficult, and good security practices don’t need to involve the risk of poor memory, bad behavior, theft or credentials written down on paper.
There are multiple ways to ensure that data is kept secure at the organizational level. Systems like two-factor authentication, single sign-on and biometric methods are great. Coupled with enterprise password management software (like LastPass), they make password management, password sharing and security easier, which benefits not only businesses and IT executives but employees as well.