LastPass have released their latest Global Password Security Report. The Report contains some great insights into employee password behaviour at over 47,000 businesses around the world.
Password security has gained increased awareness over the last few years. However, the Report highlights that businesses still have a lot of work to do in the areas of password and access security.
Who is LastPass?
LastPass provides advanced password management solutions for businesses, with freemium products available for personal and family users.
A user’s content, which includes passwords as well as secure notes, is protected by one master password.
LastPass makes it easier for users to create different, and complex, passwords for each login, as well as to automatically fill online forms.
What are the Key Highlights in the Report?
Multifactor authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials (such as a code from your mobile phone). It is an effective way to provide enhanced security.
More than half of businesses globally have employees using multifactor authentication. This is up 12 per cent from last year.
The next trend in MFA is forecast to be the increased use of biometric authentication (as opposed to software-based authentication). Relevant biometrics are typically less secure and reliable than other methods of authentication, but some implementations provide adequate security as an additional (not primary) factor.
Technology businesses are leading the way, with the largest percentage of users adopting MFA. Businesses in the insurance and legal industries have been the slowest to adopt MFA. This is unfortunate given the sensitive customer data which they handle. Smaller businesses are also less likely to use MFA, most probably because their restricted IT resources are focussing their efforts elsewhere.
Ultimately, no matter the size or industry of your business, MFA should be part of your cyber security technology.
Mobile usage continues to rise, and the ability to access passwords on mobile significantly improves the experience for employees.
Those employees who can access and use passwords conveniently from their devices are going to be more likely to use their password manager.
Password sharing is common in many businesses. There are often services that need to be accessed by multiple employees, or shared with external parties.
Businesses therefore need a solution that facilitates secure, encrypted sharing of those passwords to avoid insecure use of spreadsheets or paper documents.
If you work in a small business, it won’t surprise you to hear that the average small business employee needs to remember 85 separate passwords. Eighty-five.
Even employees at larger companies, who may benefit from tools such as single sign-on, still have to remember an average of 25 passwords.
Either way, it’s clear that employees have too many passwords to remember on their own. And each of those passwords is an access point to the business that needs to be properly secured.
Most of us know by now that password reuse is a bad idea. All it takes is a data breach at one of your service providers for that one, valuable password to be out in the open. Stolen and reused passwords mean you can be more easily hacked.
According to the Report, employees reuse a password an average of 13 times, and smaller businesses are more likely to have higher rates of password reuse.
Remember that unique, complex passwords are much, much more difficult to leverage in exploits.
Businesses need to take proactive measures to eliminate risky password behaviours. Ongoing employee training helps to encourage the adoption and usage of security tools.
Employees who understand how their actions contribute to the overall security of their company will be incentivised to make positive changes.
The Effect of Increased Regulation
Security initiatives around passwords and secure access are being positively affected by new regulations and guidelines. Data breaches now have increased and longer-term implications for businesses, thanks to the introduction of schemes like the EU GDPR and the NDB in Australia.
Good password management can only have a positive impact on the security posture of your business. So whether changes are driven by regulation, or internal policy, do make those changes happen.
Should our business use a password manager?
If your business is still winging its password management the old way, it’s time for a change.
We all use LastPass at phew (both in the office and at home), and we recommend it as a great solution for all our customers.
However, there are right and wrong ways of using password management tools, and it is important to ensure that all members of your organisation use such tools securely, according to best practice and organisational policies.
Speak to us today about getting your business and employees set up with LastPass. It will not only make your business more secure, but it will also make your employees’ lives significantly easier!