At a time where most of your business tools are online, the average employee needs to remember over 20 different passwords. This might seem like a huge figure. But, in reality, employees in large organizations need to type 4 or 5 times the same amount of passwords in a single workday. Indeed, when you think about it, everything we do in the office is password-protected.
Checking your emails requires logging in to your mailbox.
If you’re going to keep an eye on current projects, there is probably a project management tool with a password.
Are you expecting the latest sales or marketing figures? No problem, just log into your favorite sales or marketing tool. You’ve likely got a few of these to check throughout the day.
This is only a brief overview of when and where passwords can be required. If you work in an office, chances are, you’ve already spotted several scenarios that are not mentioned here. The bottom line is that we use passwords in our everyday professional activities. While it’s an integrated habit in the business world, it doesn’t mean that the excessive use of passwords is safe. As more and more companies are making the move to digitize and embrace remote work options, now’s the right time to reconsider your business password consumption.
Weak passwords cause 81% hacking breaches
According to Verizon Data Breach Report, over 8 in 10 hacking breaches are caused by the use of weak or stolen passwords. In other words, there’s an increasing need for password security in the business. Unfortunately, it can be tricky for companies to implement effective password policies. You can’t check every individual employee. More importantly, as one employee needs to remember a minimum of 20 passwords, it’s easy to see why cyber security can become a little lax. There is often too much going on to remember all the password setting and cyber protection rules. Additionally, when you need to enter dozens of passwords throughout the day, you end up picking combinations that are easy to remember. Unfortunately, weak passwords that can be easily guessed, or passwords that can be stolen by hackers on unsecured sites remain a serious threat.
Safe passwords use is all about organization
How can you keep track of all password use within the company? There’s so much going on at the same time! However, being busy is pointless if you can’t keep your small business organized. As such, your need to keep your IT in check to manage password security and protection. Working closely with a dedicated IT expert – either in-house or through a managed service provider –, can transform the way your team handles their passwords. You can set up regular notifications to remind your employees to change their passwords. Additionally, your IT service provider can also help you monitor password use so that you can spot fraudulent use early and avoid data breaches. Ultimately, the primary issue when it comes to password management is that you can’t focus your business attention on passwords only. You’re running a company; your responsibilities don’t include password checks! But an IT security team can help you to stay on top of your password protection.
Co-workers share passwords all the time
Your team shares tools. Of course, you say. We’ve got only one Google Analytics or Canva account! And you would be right. Marketing teams are the first prone to share digital tools and therefore share passwords too. While you can create multi-user access with some of the tools – such as Google Analytics, for instance, more often than not, one tool has one login account associated with it. As such, your entire team works with the same login credentials. You can also find it happening in technical and development teams, where design and programing solutions are shared. Sales teams often have single access to some of the main forecasting, client overview, and sales funnels tools. To put it bluntly, your business tolls are insecure because anybody with access could accidentally leak the password.
The boss wants to know the admin passwords
Sharing passwords is a risky activity. However, you can’t blame your team for doing so when there is no other way to use their everyday tools. But, sometimes, the threat comes from above. Indeed, managers can request to know all the admin passwords in the company. Some companies even have specific policies that enable managers to access employers’ passwords. Depending on their responsibilities, access rights and administrative rights could mean that no password is kept secret from them. The problem with this old-fashioned practice is that not only can employees feel spied on, but managers also create an additional layer of uncertainty regarding password protection. Can you trust the boss to follow password security policies? They could print out all passwords and keep the file on their desk, making it easy for anybody to steal. They could save the digital data in a public storage solution, which could be hacked at any time.
Password creativity is running dry
Password fatigue is a familiar feeling that affects everyone who needs to use passwords on a daily basis. Your employees are the first to experience it, especially if they are made to change their passwords regularly. As a result, they are likely to develop habits that put password security at risk.
Passwords can become very easy to guess, such as using a date of birth and their first name, for instance. Unfortunately, creating passwords that are difficult to crack and meet the required pattern of letters, digits, and special characters becomes hard work when you do it too often. Password fatigue can not only lead to a lack of password creativity, which makes them easy to steal, but also a gradual increase in frustration and anger.
- John82475!
- 1d0ntkn0w!
- l3aveM3al0n3
- F$ckth4tsh!t
As a result, your employees are likely to progress down a similar path of password fatigue, making passwords very similar across the whole business.
Former employees still have access
What happens to employees who have left the company? The saying out of sight, out of mind doesn’t apply here. Almost 90% of former employees keep the login credentials they had with the company. What is more alarming, however, is that almost half of ex-employees claim that they still can access confidential data and business tools long after their departure. Keeping passwords and login information is one thing. However, the business should ensure that tools and data used by former employees are not accessible after they left the company. In other terms, businesses don’t take sufficient steps to safeguard their data. Changing passwords for tools and storage clouds is all it takes to stay safe.
Remote work means security issues
We live in a world that is embracing home offices and remote talents. As such, more and more businesses are confident in the productivity and professionalism of their home-based teams. However, few businesses issue their remote employees with a work laptop. As a result, many home-based professionals rely on their personal devices to get on with work tasks. When it comes to cyber security, this means that business passwords can potentially be stored on personal laptops. Additionally, a family laptop is often shared among family members, which means that passwords can be accessed by individuals who are not related to the company.
Another worry about using personal work devices is the absence of dedicated security solutions, such as antivirus and fraudulent activity monitoring software. Consequently, a personal laptop is more likely to be an easy target for hackers., who can steal passwords.
Current password rules are ineffective
Don’t write your password down.
Don’t share it with anybody.
Don’t save it on your device.
These are the most common password protection rules. Unfortunately, they are not practical in everyday business. When you have over 20 different passwords to remember at any given time on top of business data, how do you manage to remember them? If you’re going to tackle the many threats to password security, you need to begin your journey by acknowledging the current situation. Your team has no intention of being careless. However, they have better things to do than learning a long list of convoluted passwords every few months.
What’s the future of passwords?
Password managers are not a novelty anymore. Countless companies have made the switch to a management tool such as LastPass to keep all passwords in one place. The idea is that your employees won’t need to remember a large volume of passwords. Additionally, you can easily give access to shared tools through the password manager solution. However, while it reduces the use of passwords, you still need to know at least one password to log into the tool. One password is all it takes for a hacker to gain access to your entire business.
We understand that companies need passwords in their everyday tasks. However, the use of passwords presents significant security risks from hackers, password managers, former employees, remote workers, and demanding password policies.
Should companies go password-free and rely on biometric access only? This could be difficult to implement on all devices.
Is double verification the way forward? As much as password fatigue is real, it’s fair to say that the double verification process will also affect your employees.
The debate remains open. What would be the best alternative to passwords?
REF: askaaronlee