When it comes to an organization’s security, employees are often considered the first line of defense. While most companies would like to believe their employees take security seriously, that’s not always the case. Our recent study on the psychology of password behavior found that more than a third (39%) of survey respondents said they prioritize their personal accounts over their work accounts when it comes to creating strong passwords.
The cost of weak security practices is high. According to the 2016 Cost of Data Breach Study (conducted by the Ponemon Institute and sponsored by IBM), which looked at 380 companies globally, the average total cost of a data breach rose to about $4 million in 2016, or about $158 per lost or stolen record.
So how can IT teams encourage employees to keep security top-of-mind? Here are some tips to ensure everyone in the organization is practicing strong security habits.
Enforce the basics.
There are a few baseline controls that every company should put in place. IT should establish mandatory password requirements, starting with a minimum length. Complexity rules and forced periodic changes are still common, but current NIST guidance (SP 800-63B) recommends against both: users respond to forced rotation with predictable increments (changing “123456” to “1234567” is exactly that pattern), and screening new passwords against lists of known-breached passwords does more good. Wherever rotation is required, IT should at least reject a new password that reuses or trivially modifies a previous one. The other baseline control is multifactor authentication, which requires employees to present a second factor (a code from an authenticator app or a hardware token, for example) in addition to their password at login, so that a guessed, phished or reused password alone is not enough to get in.
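As an added illustration (this is example code written for this edit, not LastPass code or anything the original article ships), here is a small change-time password validator that applies the rules above: a minimum length, screening against a breached-password list, exact reuse against a stored history, and a similarity check against the current password so that “123456” to “1234567” is rejected. The thresholds (12 characters, an edit distance of 4) and the tiny breached list are assumptions chosen for the example; a real deployment would load millions of entries. Note the design point the prose glosses over: a similarity check needs the old password in plaintext, which only exists at the moment the user types it during a change, whereas exact reuse can be checked against stored hashes at any time.

```python
from typing import List, Optional, Tuple
import hashlib
import hmac
import os

# Policy thresholds: assumptions for this example, not values from the article
MIN_LENGTH = 12
MIN_EDIT_DISTANCE = 4

# Constructed stand-in for a breached/common-password list; a real deployment
# loads millions of entries (for example as SHA-1 hashes) from a file.
BREACHED = {"123456", "1234567", "password", "qwerty123", "letmein"}


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256, used here for the stored password history."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest


def matches_history(password: str, history: List[Tuple[bytes, bytes]]) -> bool:
    """True if the candidate exactly equals any previously used password.
    Only exact reuse is detectable from stored hashes."""
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def too_similar(old: str, new: str) -> bool:
    """Reject trivial edits of the current password: case-only changes, one
    password contained in the other, or fewer than MIN_EDIT_DISTANCE edits."""
    o, n = old.lower(), new.lower()
    if o == n or o in n or n in o:
        return True
    return levenshtein(o, n) < MIN_EDIT_DISTANCE


def validate_change(old: str, new: str, history: List[Tuple[bytes, bytes]]) -> List[str]:
    """Return the list of policy violations for a proposed change (empty means accepted).
    The similarity check needs the old password in plaintext, which is available only
    at change time when the user supplies it, so this is where that check must run."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if new.lower() in BREACHED:
        problems.append("appears in breached-password list")
    if matches_history(new, history):
        problems.append("reused from password history")
    if too_similar(old, new):
        problems.append("too similar to current password")
    return problems


if __name__ == "__main__":
    # Constructed history: one previously used password, stored only as salt+hash
    history = [hash_password("OldPassw0rd!Long")]
    for old, new in [("123456", "1234567"),
                     ("Winter2016!", "Winter2017!"),
                     ("Winter2016!", "OldPassw0rd!Long"),
                     ("Winter2016!", "correct horse battery staple")]:
        print(f"{old!r} -> {new!r}: {validate_change(old, new, history) or 'accepted'}")
```

Running the block shows “123456” to “1234567” failing on length, the breached list and similarity at once, a year increment failing on similarity, reuse of an old password caught from its stored hash, and a long passphrase passing without needing any complexity rule.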
Manage user access.
Whether you have 5 employees or 500, only the right people should have access to the right information, and that access should be granted deliberately. Even when IT has not given an employee access to a particular account, colleagues often share credentials with each other for convenience, which defeats both the access control and any audit trail tied to that account. When an employee leaves, failing to disable their accounts and rotate any shared passwords they knew leaves the business exposed. IT leaders should have a defined process for granting, reviewing and revoking access as people join, change roles and leave, and should review entitlements regularly so that access accumulated in an old role does not quietly persist into a new one.
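The regular review described above is easy to automate once roles and entitlements are written down. The following is an added example (written for this edit, not code from LastPass or the original article) of a simple access reconciliation: each account's granted entitlements are compared with the baseline for its current role, enabled accounts belonging to departed users are flagged, and the results are turned into an ordered list of revocations. The role baselines, the directory snapshot and the HR leaver feed are all constructed sample data.

```python
from typing import Dict, List, Set

# Role baselines: the entitlements each role is supposed to carry (assumption)
ROLE_BASELINE: Dict[str, Set[str]] = {
    "engineer": {"git", "ci", "staging-db"},
    "finance": {"erp", "payroll"},
    "support": {"helpdesk", "crm"},
}

# Constructed directory snapshot: current role, whether the account is enabled,
# and the entitlements actually granted.
ACCOUNTS = [
    {"user": "alice", "role": "engineer", "enabled": True,
     "entitlements": {"git", "ci", "staging-db"}},
    # moved from engineering to finance; staging-db was never revoked
    {"user": "bob", "role": "finance", "enabled": True,
     "entitlements": {"erp", "payroll", "staging-db"}},
    # support rep who was given payroll access "for convenience"
    {"user": "carol", "role": "support", "enabled": True,
     "entitlements": {"helpdesk", "crm", "payroll"}},
    # left the company but the account is still enabled
    {"user": "dave", "role": "engineer", "enabled": True,
     "entitlements": {"git", "ci"}},
]

# Constructed leaver feed from HR
DEPARTED = {"dave"}


def excess_entitlements(accounts, baseline) -> Dict[str, Set[str]]:
    """Map user -> entitlements that exceed the baseline for the user's current role."""
    excess = {}
    for acct in accounts:
        allowed = baseline.get(acct["role"], set())
        extra = acct["entitlements"] - allowed
        if extra:
            excess[acct["user"]] = extra
    return excess


def orphaned_accounts(accounts, departed) -> List[str]:
    """Enabled accounts whose owner appears on the leaver list."""
    return sorted(a["user"] for a in accounts if a["enabled"] and a["user"] in departed)


def revocation_plan(accounts, baseline, departed) -> List[str]:
    """Ordered list of actions for the access review, leavers first."""
    actions = [f"disable account {u}" for u in orphaned_accounts(accounts, departed)]
    for user, extra in sorted(excess_entitlements(accounts, baseline).items()):
        if user in departed:
            continue  # disabling the account already covers these
        for ent in sorted(extra):
            actions.append(f"revoke {ent} from {user}")
    return actions


if __name__ == "__main__":
    for action in revocation_plan(ACCOUNTS, ROLE_BASELINE, DEPARTED):
        print(action)
```

On the sample data the plan disables the departed user's account first, then strips the staging database access that followed a role change and the payroll access that was shared informally. Running such a comparison on a schedule, and treating every line it produces as a ticket, is what turns a written access policy into something that is actually enforced.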
Create a formal policy around account security.
Every company should have a written policy covering account security, from password requirements to change management procedures. The policy should also address “bring your own device” (BYOD). More and more companies are moving to a BYOD environment; it is convenient and effective, but it brings risk, since company data ends up on devices IT does not fully control. Rules such as avoiding untrusted public Wi-Fi (or requiring a VPN when it is used) and specifying which apps are allowed on devices that hold company data help keep that data safe on employee-owned devices.
Train employees on security practices.
Once a security policy is in place, the next step is employee training. IT teams should educate employees on the specific security risks the company faces and on what the policy asks of them. Running regular security training sessions, sharing general best-practice tips, and explaining why basic measures such as strong, unique passwords matter all help minimize the company’s exposure to potential threats.
Consider an enterprise solution.
One way to centralize your company’s password security is to use a solution like LastPass. A password management solution built for businesses helps IT departments manage password sharing and user access through admin controls and integration support. Whether you’re a small team looking to collaborate and tame the password chaos with LastPass Teams, or a larger organization seeking to control employee access through configurable password policies and customized integrations with LastPass Enterprise, our password solutions can help you create and enforce the right password policy for your business.
Security should be a priority at every level of an organization. Make sure your employees are safeguarding company data and taking security seriously with these simple steps.