If you were to ask your employees what the dark web is and whether they are protecting their personal information online – what do you think they’d say? Unfortunately, most employees don’t understand how they are putting their information at risk when they put it online or how it can put their employer at risk. And with the recent spike in ransomware and phishing attacks due to the move to remote work, it’s essential that employees are protecting themselves online.
A recent LastPass survey of 3,250 global participants* found that 86% have no way of knowing if their information is on the dark web. And when asked what they do to protect their information online, 14% said they take no action and 51% said they try to avoid giving out sensitive information on the internet. While that 51% may have good intentions, it’s unrealistic when so much of our day-to-day lives are now online.
We also found that survey respondents severely underestimated the likelihood that they had been involved in a breach. When asked if a company they use or have an online account for had been involved in a breach – only 13% said yes. This is very low considering that 9.7 billion data records have been lost or stolen since 2013**. Also, the 2020 Verizon Data Breach Investigations report stated that 58% of data breach victims had personal information compromised.
What can organizations do to help their employees protect their personal and corporate accounts? The best approach is to make the security tools you have in place are easy for employees to use. If employees can’t use them as easily as their consumer products, they are likely to become frustrated and look for workarounds. So what are the right tools that will keep company data safe and still be easy enough for employees to use?
Remove the burden of credentials with single-sign-on
As a first step – whenever possible – automate the authentication process and remove the burden from employees. Single-sign-on is a smart place to start as it allows quick access to essential work accounts for employees without them needing to remember credentials – credentials that could become compromised. It also is an essential tool for IT teams, especially in a remote environment. It allows them to manage which employees have access to which applications, removing any unnecessary risk of having employees with unnecessary privileges. (And none of that burden falls on the end user).
Add an extra layer of protection and promote good security hygiene with MFA
Multi-factor authentication protects your employees and your business, and in a remote environment it’s even more important for IT teams to ensure employees are who they say they are. The good news is there are MFA solutions that make it easy to authenticate with biometrics, something your employees are used to doing on their smart phones already. A recent LastPass survey found that 65% of respondents said they trust fingerprint and facial recognition more than traditional text passwords.
Also, adding MFA at work is a great way to teach employees the value of this additional layer of authentication – something they can apply to their personal accounts.
Enable dark web monitoring services for work and home
Dark web monitoring services will alert users if their accounts have been compromised in a breach. Enabling a service like this is simple — set it up once and then let the tool work in the background – only alerting employees when they need to take action. Employees can use this for their personal and work accounts and if any accounts are compromised, they will be prompted to change their password – promoting good overall security hygiene.
The key to success that all of these have – they’re extremely easy for employees to use. Tools like SSO, MFA, and dark web monitoring don’t add much friction to their work and personal online lives. They remove burdens like managing credentials, getting locked out of accounts and worrying about the safety of their sensitive information.
Your employees may not understand the risks the dark web or cybercriminals pose to themselves and their business – but with the right tools you can help them protect both.
*Survey conducted by Lab42 with respondents from US, UK, Australia, Singapore, Brazil and Germany
