IT professionals know password security poses challenges to a company’s overall security and reputation, yet many are uncertain of the necessary steps to remedy any issues. In fact, far too many IT organizations rely entirely on their employees to manage their passwords, with no technology in place to enforce password strength or the frequency of password refresh, even though they are aware that employees are the weakest link in the security chain.
In an effort to understand how organizations and employees approach passwords and their overall digital security, we recently surveyed IT executives at enterprises across North America, Europe, and Asia-Pacific. The survey evaluated how IT organizations are approaching the challenges of granting and controlling employee access both to enterprise applications on company premises and to sanctioned cloud-based applications.
What’s the Big Deal?
According to the results, IT executives are well aware of the challenge inherent in this lack of control: 68% of them saw significant or very significant risk from the gap in control over the applications their organizations’ employees are using. Other major pain points included having to change passwords regularly without the level of support needed to make this a simple, safe, and automated process, which can have a significant impact on employee productivity; 44% of respondents said this is a major issue. Because employees are left to fend for themselves, the problems extend into associated areas: simply coming up with passwords strong enough to fulfill company requirements also becomes a serious issue.
Password usage problems are exacerbated by the lack of single sign-on (SSO) in many organizations. 56% of the organizations surveyed did not have SSO available, which, for many users, means that every required password change must be dealt with on an individual basis.
Take the First and Necessary Steps
Because it only takes the misuse of one shared or stolen credential to put an organization and its business systems at risk, IT professionals and organizations should look to do the following to address password management and security issues.
Acknowledge the Problem and Fix It
Employees have multiple problems managing passwords and are not getting the help they need. More than three-quarters of employees reported that they regularly have problems with password usage or management. 61% of IT execs who were asked what they were doing to enforce strong passwords reported that they rely exclusively on employee education. In other words, they instruct their employees on how to create their passwords using numbers, letters, and characters, as well as how to change them, but do not enforce these behaviors. From there, the employees are on their own, with no technology in place to enforce any password strength requirement.
Use Technology to Underpin Password Security Initiatives
Employee education is never to be decried and should form the basis of all security activities in companies of all sizes. That said, exclusive reliance on your employees to do the right thing represents an excessive and unwise degree of trust. Unless password strength is obligatory, the temptation to go for something more easily remembered may be too great, particularly if employees are accessing a lot of applications, each with a different password. Technology that underpins password security enforces compliance with password strength requirements and, among other things, alerts employees that they will need to change their passwords in the next few days.
Introduce a Password Management Solution to Help Employees Improve Security
IT executives know the risks of not enforcing password policies, yet many organizations still don’t have a system in place that allows visibility into the employee password management process. As a way to close this gap, IT execs should take the time to educate employees on the importance of good password hygiene and create policies to keep the business secure. Better yet – arm employees with the proper tools, as the same report found 69% of employees would use a password manager, such as LastPass, if they were offered a solution.
According to the report, employees are generally in favor of using password management technology in the workplace, and employers should facilitate this. Employers should also recognize that most employees would welcome help from a password manager, making it an easy win for such technology to be introduced. It should be positioned as a means of helping staff members remember all the different passwords they use and making their lives easier.
Be a Part of the Solution
In looking at these numbers, it is clear employees struggle to manage and maintain the ever-growing number of passwords they need to use each day. As highlighted earlier, many of the problems are caused by a lack of key password management technology and a reliance on manual processes. In effect, it means someone in virtually every organization surveyed is potentially putting system access credentials, and with them their business systems, at risk.