Make Passwords on ‘Post-its’ a Thing of the Past
Usernames and passwords have formed the backbone of users’ IT authentication in the enterprise for decades.
Smartcards, tokens and a variety of biometrics have introduced elements of futuristic security into the equation, but nothing has come close to the simplicity, functionality and ubiquity of the humble passcode.
But the number of connected devices in our lives isn’t going to drop anytime soon, and as techniques employed by would-be cyber-thieves become increasingly sophisticated, the issue of security in the online domain has never been more urgent.
Alarmingly, one study finds that 30 per cent of staff members still write their passwords down, while 67 per cent of 16-24-year-olds admit to sharing a password with a colleague. If passwords are not literally being written on yellow pieces of paper and stuck around desktop monitors, the huge disconnect between IT priority and real-life practice suggests this may as well be the case.
The situation is exacerbated by staff who are able to work around security features in the workplace; a study by Dell finds that nearly 70 per cent of IT professionals feel employee workarounds to get through IT-imposed security measures are the greatest risk to an organisation.
Below we highlight four ways IT departments and bosses can work together to tighten attitudes to digital security in the workplace.
Without clear usage guidelines, the concept of password security loses its strength and can become overlooked by employees.
A strong IT security policy supported by an education programme that increases awareness incrementally is a good way to combat this complacency. “Security hygiene” is a process whereby basic, company-specific security measures are demonstrated and assimilated by staff in order to ease the pressure on IT resources.
With less than 40 per cent of surveyed staff saying their firm has a clear password policy, this area clearly needs to be addressed. The number of easy-to-remember and duplicate passwords across accounts is also on the increase, posing a huge threat to even the most robust security systems.
Policies should focus on stamping out laziness by forcing staff to create complex passwords that are unique to one account.
Continued, evenly sustained training on IT security will ensure the subject keeps a high profile and is respected, while being approachable.
Security topics should be fragmented across training sessions, which in turn can be backed up by monthly newsletters or broadcasts on IT security measures. These can be compounded through monthly tests so that awareness and engagement can be formally valued and measured.
Too many firms limit their broadcasts of IT awareness to links being shared through group emails, and other nonchalant approaches that will only inspire a similarly disengaged attitude among staff members.
Enforced safeguards such as account lockout and throttling should underpin a culture of taking IT security seriously, with systems being configured to allow users a limited number of attempts to enter correct details before their account is locked out.
Password blacklisting is also effective, while protective monitoring can defend against attacks as an alternative to account lockout.
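As an added illustration (not code from this article), the sketch below shows how throttling, account lockout and password blacklisting fit together. The names `LoginGuard` and `is_blacklisted`, the thresholds and the sample blacklist are assumptions made for the example, and state is held in memory only.

```python
import time

# Constructed sample blacklist; a real deployment would load a far larger list.
BLACKLIST = {"password", "123456", "qwerty", "letmein", "welcome1"}

def is_blacklisted(candidate):
    """Reject blacklisted passwords, ignoring case and surrounding spaces."""
    return candidate.strip().lower() in BLACKLIST

class LoginGuard:
    """Tracks failed logins per account: throttle first, lock out at the limit."""

    def __init__(self, max_attempts=5, base_delay=1.0, clock=time.monotonic):
        self.max_attempts = max_attempts  # assumed lockout threshold
        self.base_delay = base_delay      # assumed first throttle delay (seconds)
        self.clock = clock
        self.failures = {}   # account -> consecutive failed attempts
        self.retry_at = {}   # account -> earliest time the next attempt is accepted

    def check(self, account):
        """Return 'locked', 'throttled' or 'ok' before the password is verified."""
        if self.failures.get(account, 0) >= self.max_attempts:
            return "locked"
        if self.clock() < self.retry_at.get(account, 0.0):
            return "throttled"
        return "ok"

    def record(self, account, success):
        """Update state after a password check that was allowed to proceed."""
        if success:
            self.unlock(account)
            return
        n = self.failures.get(account, 0) + 1
        self.failures[account] = n
        # Delay doubles with each consecutive failure: 1s, 2s, 4s, ...
        self.retry_at[account] = self.clock() + self.base_delay * 2 ** (n - 1)

    def unlock(self, account):
        """Clear counters, e.g. after the help desk has verified the user."""
        self.failures.pop(account, None)
        self.retry_at.pop(account, None)
```

Throttling slows repeated guessing without denying access to the genuine user, whereas a locked account stays locked until `unlock` is called.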
To combat the heightened risk of breaches perpetuated under the Bring Your Own Device (BYOD) culture, systems can be put in place to establish a secure access link to your organisation’s network for remote workers. Virtual Private Network (VPN) software can be employed to encrypt remote workers’ information and can integrate with other IT tools to maintain functionality while computers are running security patches and the correct configuration.
Password usage is simply the tip of a much broader debate on organisational cyber security, which must be engaged with and supported by all working elements of a company.
When dovetailed with new techniques, ongoing training and improved awareness, companies can begin to foster a healthier approach that brings teams together to minimise risk while keeping data safe.