
NCSAM Week 3: Workplace Cybersecurity Tips for a Safer Business

LastPass, October 15, 2018

Please note that the Security Challenge functionality discussed in this post has been updated. This functionality is now part of our Security Dashboard and dark web monitoring. For updated information please visit our blog post from 8/5/2020.

It's week three of National Cyber Security Awareness Month, and the theme focuses on ensuring online safety at work. It's very common for employees to think that promoting online safety at work is someone else's responsibility, such as the cybersecurity or IT team members. However, it needs to be an organization-wide effort. As a business leader, how can you encourage employees to have safe habits at work? Or if you're an employee, what actions can you take now to protect yourself and your company? Here are a few suggestions for improving online safety within your business:

1. Avoid Using the Same Password for Multiple Accounts

According to our Psychology of Passwords Report, 59% of people mostly or always use the same password across accounts. The problem with that approach is that if a hacker figures out one password, it could give them access to dozens of applications on a company's network or all over the internet. Instructing employees to use a strong, unique password for every account makes it harder for cybercriminals to carry out successful breaches. Additionally, if a hacker does get the password, the access it provides will be substantially limited compared to what a universal password for many accounts could offer.

This applies to business applications like logins for OneDrive, Dropbox, Google Analytics and other tools you use at work. It also applies to personal accounts you access at work. If you log in to your personal email from your work computer, you need to make sure that account is secure, or it too can put your company at risk, even though it's a personal account. LastPass can help you create strong, unique passwords and store them for you in the vault so you don't have to remember them all.

2. Introduce Secure Password Sharing Practices

Workers who aren't well educated about good cybersecurity practices can make their organizations less secure. Conversely, knowledgeable employees improve safety. A report published by Accenture found that when organizations didn't learn about breaches from security team members, other employees raised the alarm in 43 percent of cases.

Often, employees do things that seem innocent but could contribute to security breakdowns. Sharing passwords by email or messaging platforms such as Slack is a good example. These channels aren't secure, and passwords sent through them could be accessed by unauthorized parties. People share passwords with team members, vendors or contractors to help everyone get work done efficiently, without understanding how the practice puts a business at risk.

Fortunately, a password manager like LastPass can facilitate secure password sharing. All employees use the tool, and colleagues share credentials through the secure vault. You can even share a password without the other person knowing what that password is. In the event of an internal or external security issue, people with administrative privileges can immediately revoke access to shared passwords and update the credentials if needed. Taking prompt action is a crucial part of creating a safety culture at work.

3. Carry out a Security Challenge

It's sometimes necessary to influence employee behavior to help them break bad habits that hinder security, but that typically requires first identifying weak spots or problem areas. Organizations can do so by creating a security challenge for their employees. It might mean distributing a message with a strange attachment and seeing how many people download it, for instance. For passwords, you can encourage employees to take the LastPass security challenge. This will tell you if you have any weak or reused passwords. Then you can use the password generator to create new, strong passwords. You can even create a competition to see who has the highest security score.

We recently published our 2018 Global Password Security Report featuring data based on anonymized LastPass customer usage information. Statistics on individual passwords, sites visited, the number of shared passwords and other factors are combined to generate a numerical security score. The results of this report allow you to compare yourself to other companies in your industry or of your size to see areas for improvement. For the study, a score of 65 to 89 was Good, and a rating of 90 to 100 was Exceptional.

LastPass anonymized and aggregated data from over 43,000 organizations. It found that the average security score of all businesses was only 52, resulting in a Fair ranking. Technology companies fared particularly well, earning Exceptional scores for both overall security and password strength. Concerning password strength, smaller companies more often earned higher ratings than larger ones. The report has a lot more interesting findings, but it's safe to say that there is room for improvement when it comes to password behavior.

4. Set New Password Policies for Employees to Follow

Setting policies requires employees to follow the best practices you set forth. It's important to use policies in a way that protects the company without being so restrictive that it reduces employee productivity. LastPass allows admins to set many policies, such as requiring a minimum password strength or turning on two-factor authentication. The suggested password security challenge could uncover areas of improvement for new password policies to target. We suggest three policies you can start with in this recent blog post. In addition, institute an open-door policy so that workers feel comfortable coming to ask questions if they don't understand how to abide by a new rule or wonder why it's necessary.

Well-Meaning Employees May Need Encouragement

Clearly, enforcing online security is a necessity that extends to all employees. Even when workers are fully on board with the roles they play in enhancing a company's security, they may still need a nudge in the right direction. The above tips could help positive changes take place.