Passwords have always been a weakness within businesses. Employees are swamped with hundreds of logins, all with stringent rules for password creation leading to lazy, re-used passwords - putting your business on the line and increasing the risk of a data breach.
This risk level has only increased since the pandemic, with INTERPOL noting a stark rise in attacks:
Strengthening your defenses at an employee level is crucial to avoid exploitation from these criminals. So how can you build a bulletproof approach that can be deployed company-wide?
1. Up the complexity
Increasing password complexity may seem like a no-brainer, with professionals in IT employing complex password generators to create un-crackable logins. Still, the general employee may not have this same approach. Many will instead use the name of their favorite 'sports team 123' for easy memorization and a low mental load.
Encouraging complex passwords and setting company-wide guidelines can reinforce your data protection. With employee passwords falling outside the average number of keyspaces (12), utilizing both lower and upper cases and including special characters and numbers, you can ensure that each login is less vulnerable to password cracking technology.
2. Layers, layers, layers
Adding a second (or third) layer of security may be what saves your business from a data breach. Multifactor Authentication (MFA), such as Two-Factor Authentication, relies on an alternative factor to further verify and consolidate the identity of a user before granting access to confidential data.
MFA extends the verification mechanism, requiring a secondary prompt to be sent to an external device such as a smartphone or email with a code. The user must enter this code within a determined timescale to confirm the authentication request before granting access. If one of the two factors are incorrect, authentication fails.
Utilizing MFA leverages both biometric (fingerprint) and contextual factors (text messages) to fully authorize an interaction to provide a fool proof layer of security.
Being accessible for admins to deploy and effortless for employees to adopt, there are no added training headaches when implementing LastPass, allowing for a seamless launch, saving your business resources for what matters most. The tailored policies control what access each user has at each level, providing structure to the wild-west of data administration. This organization paired with minimal day-to-day management and encrypted biometrics means that an MFA such as LastPass can offer top-level security without the hassle.
3. The first rule about passwords is you don't talk about passwords
Sharing passwords in an insecure manner is a massive issue in the modern workplace. With workers split across multiple locations due to the rise of hybrid work environments, it’s more common now than ever to see an email with the heading "x employee - new login details." This rise in insecure sharing provides cybercriminals with easy pickings and can make your business vulnerable to attack.
As an IT professional, you’ll be well aware of the dangers of poor password sharing practices, but this may slip your employees' minds as they rush to fix their login to finish that new project. A way to solve this and many other security issues is a password manager.
A password manager provides a secure channel through which your employees can share passwords without the risk of them being intercepted, allowing teams to work collaboratively more cohesively while remaining safe.
4. Forget it
The best way to ensure a password isn't discovered is to forget what it is. As strange as this may seem at first, it’s the most secure way to operate. If a password is memorable, it’s personal and if it’s personal, it can be discovered. Remove the personal aspects from passwords, sports teams, pets and mothers' maiden names and creating a string of random, entirely incoherent characters reinforces the role of a password. While expecting this from your employees alone would be optimistic, there are tools that can assist your business in the journey to safer operations.
As discussed above, a password manager can provide a safe channel to share passwords, but this isn't its only role. A password manager also allows each password your employee creates to be secure and unique as they only have to remember one master key. By generating random strings of characters and letters and storing them in an encrypted storage block, a password manager can help reinforce security structures, building a new, safer online environment for your employees.
Building a safer, more secure future for your business means taking the responsibility out of your employees' hands. Taking control of your password protection plans and implementing the right tools removes the mental burden from employees while simultaneously building an ecosystem that supports secure, safe operations.
Access the latest business knowledge in IT
Join the conversation...