According to the latest research in this year’s password security report, businesses still have a lot to do in the area of password security and access. While some organizations are increasingly adopting key security measures such as Multifactor Authentication (MFA), employees generally still have poor password cleanliness, which affects overall business security. With 80% of violations originating from stolen and reused identities, companies need to increase efforts to increase password security and reduce risk for their business.
To increase the business security of your small business
Cloud applications, mobile applications, and a number of new technologies have brought many positive changes to the workplace, but they have also introduced many passwords that are difficult for employees to control. The more passwords each employee has to save, the more likely he will have bad password behavior. This is not always due to misinformation or lack of knowledge and resources, but due to lack of training and inadequate password compliance.
According to some data, employees in small companies have an average of 85 passwords to track, while employees in large companies need to manage an average of 25 passwords. Larger companies may have an SSO (single sign-on) solution that allows employees with fewer passwords to access more applications. However, less than 50 percent of companies have this type of technology.
Besides, we all know that using passwords is bad, but we do it anyway. As more passwords need to be stored at work, most people don’t want to remember unique and complex passwords. In fact, sharing and reusing passwords remains a common practice in most companies. In addition, many departments or teams may only have one or two service licenses that can be accessed by several employees or need to be shared with third parties or organizations. For small companies, the numbers get bigger. Employees use 10 to 14 passwords, in large organizations, there are only four. This opens up an increased security risk for the organization. After an attacker has access to stolen passwords, he can endanger several other accounts if they are used in many places.
More than half of global companies (57 percent) already have employees using MFA, an increase of 12 percentage points compared to the previous year’s report. With greater staff availability and IT resources, employees in large organizations have the highest utilization rate of 87 percent. This number drops to 44 percent for organizations with around 500-1000 employees and 27 percent for smaller companies.
MFA may not be a priority given the competitive priorities of IT and limited resources in small companies. However, 60 percent of small and medium-sized businesses are hacked off within six months. Even if the smallest companies feel they can fly under the radar and be safe without investing in MFA, unfortunately the data shows something else. Fortunately, there are a number of options that are affordable, easy to use, and every business should be able to find an MFA solution that meets their needs.
Difference in the industry
Unfortunately, this problem occurs in organizations of different sizes, regardless of industry and across platforms. On average, media / advertising employees manage most passwords (97), while civil servants have the fewest (54).
This may be due, in part, to the number of accounts required by the media / advertisers for their daily work or due to the fact that some applications and tools of government employees may not be permitted. However, it is unclear how often passwords are reused, and there is still much work to be done in several sectors.
In industries with the most sensitive customer data, such as insurance and law, the lowest probability for employees to use MFA with a 20% usage for all compared with 37% is high in the technology and software industry. Many companies that encourage or require employees to use MFA tend to be far ahead of their competitors in terms of reducing threats. In cybersecurity, the use of appropriate fundamentals often has the biggest impact on preventing the most common attacks. Therefore, in the coming years, expect greater use of MFIs in the sectors.
The way to more security
While it is important to invest in an access solution, it is no longer enough for businesses to only use tools to improve business security. Education and training must be an ongoing effort to promote the adoption and use of security devices. Targeted changes to the status quo and password risk elimination through easy-to-use tools and training help companies better manage and prevent future security risks.