With more activity happening in the cloud and employees more frequently working remotely or from a mobile device, IT pros are constantly challenged to keep data secure. The volume and frequency of data breaches are evidence enough of the risks facing today’s businesses. For instance, the Identity Theft Resource Center (ITRC) reports that the number of U.S. data breaches tracked in 2015 was more than 750.
A data breach will certainly have an impact on a company’s reputation and credibility. But what are the tangible implications of a data breach? According to an IBM-sponsored study conducted by Ponemon Institute, the average cost paid for each lost or stolen record that contained sensitive and/or confidential information was $154. In a single attack, a hacker could gain access to hundreds of thousands of accounts, the cost of which can add up quickly.
Cybersecurity is a key issue for every business, and outside of large enterprises, most companies have a small IT team charged with managing security, in addition to their other responsibilities. To help improve overall cybersecurity practices, the first line of defense is often an educated user with strong password practices. In this slideshow, Joe Siegrist, VP and GM, LastPass, has identified ways IT pros can better manage access and improve user password security practices.
Improving Password Security Practices
Manage Employee Passwords
In order to be effective, good password hygiene should not only be encouraged but enforced. IT pros should implement requirements around password strength to ensure employees are proactively creating robust passwords. For example, possible rules could include requiring a combination of numbers, letters and punctuation or not permitting consecutive numbers and letters. In addition, IT pros should establish policies that require a password to be changed at a given frequency (for instance, every 60 to 90 days).
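The strength rules described above can be enforced in code at the point where a password is set. The following is an added example, not code from the article or from LastPass; the minimum length, the run threshold, and the reading of "consecutive numbers and letters" as sequences such as "abc" or "321" are assumptions.

```python
import string

# Assumed thresholds: the article names the rule types but gives no numbers.
MIN_LENGTH = 12  # assumption
MAX_RUN = 2      # assumption: three in a row ("abc", "321") is rejected


def longest_sequential_run(password: str) -> int:
    """Longest ascending or descending run of letters or digits, ignoring case."""
    s = password.lower()
    best = run = 1 if s else 0
    direction = 0
    for prev, cur in zip(s, s[1:]):
        same_class = (prev in string.digits and cur in string.digits) or (
            prev in string.ascii_lowercase and cur in string.ascii_lowercase)
        step = ord(cur) - ord(prev)
        if same_class and step in (1, -1):
            # Extend the run only if it keeps going in the same direction.
            run = run + 1 if step == direction else 2
            direction = step
        else:
            run, direction = 1, 0
        best = max(best, run)
    return best


def check_password(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c in string.ascii_letters for c in password):
        problems.append("no letter")
    if not any(c in string.digits for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    if longest_sequential_run(password) > MAX_RUN:
        problems.append("sequential run")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("Summer2016abc!", "correcthorse", "T7#kw!Rz94^pLq", "12345"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

Returning every violation at once, rather than stopping at the first, lets the enrollment form tell the employee everything that needs fixing in one pass.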
Turn on Two-Factor Authentication
IT pros should consider implementing two-factor authentication, which requires an additional step before logging into an account, even if the correct password is used (typically through a text message or email that requires the user to verify that they are attempting to log in to the given account). Using two-factor authentication provides an additional level of security to ensure the right people are accessing the appropriate accounts.
Prioritize Access Control
Companies may use hundreds of applications as part of their day-to-day operations, and it can be difficult to manage who has access to what information. It’s critical to keep track of the apps used across the organization and be sure to assign access privileges based on roles. Access control is also often overlooked when it comes to off-boarding employees. All off-boarding processes and plans should specifically outline password and access updates so terminated employees no longer can log in to key accounts. IT pros should also create a clearly defined process for improving and maintaining app security. This will ensure the appropriate levels of approval for granting access to accounts as well as increased transparency into who can access what.
Share Passwords Responsibly
A recent LastPass survey showed that 95 percent of respondents share more than one password with others. IT pros should manage shared passwords from a centralized location (using a password manager or secure file is ideal). All shared passwords should be updated regularly, especially when employees leave an organization, and when someone outside of the company (think vendor, client or customer) accesses a corporate account.
Leverage BYOD Policies
With more and more companies transitioning to a BYOD (Bring Your Own Device) environment, IT pros should create specific policies and guidelines for employees using their own devices. Some examples include staying off public Wi-Fi, using two-factor authentication, limiting the applications that can be used or accessed on the device, and establishing an employee exit policy for when employees leave the organization.
Streamline Password Management
IT pros should consider using a password manager to store employee and company passwords in one secure place. By automating password storage, employees are more able and willing to practice good password hygiene since the password manager tool does most of the work for them in terms of remembering and updating passwords.