Our world is becoming more and more digital, and with Covid-19 sending people home from work, school and travel, online activity has increased substantially. Now it is even more important to review and implement secure password protocols and behaviours individually and company wide.
The recent significant increase in employees working from home as a result of the COVID-19 pandemic brings with it an increased risk of cyber security threats, and with it has come an increase in cybercrime. Cyber criminals are well aware that IT departments and cyber security groups are stretched thin during the pandemic, which leaves organizations more exposed to attacks.
In fact, according to a recent survey, one organization saw phishing and cyber attacks rise by 40%. With 25% of Canadian organizations now going entirely remote and 85% going remote with at least half of their workforce, it’s important to keep cyber security measures on high alert in this new landscape of increased remote working.
Now it is even more critical for corporations to have secure password protocols and eliminate misbehaviours in individual password management.
Sobering statistics regarding password behavior*
- Most people have more than 50 passwords (work, personal, shopping, banking, etc.). This leads to password fatigue.
- 66% of people use the same password or a variation, even though 91% know this is risky behaviour
- 85% of security breaches are a result of human (mis)behaviour
- 68% of people who use passwords fear they will forget them
- 36% do not feel their accounts are valuable enough for hackers
- 11% increase in phishing scams in the last year
- 83% of people do not know if their information has been compromised
The psychology behind password behaviour and avoidance of secure password protocols
Even though people understand the risks of inadequate password security, many do not follow known best practices. The psychology behind this stems from:
Fear – forgetting passwords
Desire – wanting to be in control of all passwords and not trusting password vaults
Apathy – thinking that they will never be a target and accounts are not desirable to hackers
Many people have password overload, which leads to bad behavior like reusing the same password both at work and at home, or using passwords built from common or easily guessed information like pet or child names and dates of birth.
Solutions: Standards and training
For most companies it is ideal to work with all stakeholders to implement password policies that find a balance between keeping the company secure, being easy to implement and easy for employees to understand, and not hampering productivity or causing frustration.
IT staff and executives need to take the lead on setting the standards so that all employees follow secure password protocols. Top tips:
- Treat all accounts as vulnerable
- Create unique passwords for every account
- Update passwords regularly
- Utilize password vaults, and train staff on how to use them effectively
- Eliminate writing down passwords and keeping them in an unlocked desk drawer
- Have a protocol for the “strength” of passwords required for company related accounts
- Monitor for email addresses appearing on the dark web
Password protocols: The experts agree, long and strong
Experts agree that there are two important things to password best practices. Do not use personal information such as your kids' or pets' names, even in long passwords. And do use long and strong passwords. This does not mean you can't use passwords that you can memorize more readily; just use the information in a way that is difficult to hack. But experts also agree that using a password vault that has the highest standard of encryption is really the only way to go. You only have to memorize one password.
How to create a memorable password that is long and strong
Create a nonsensical statement that you can still remember. For example, if you are close to your extended family you could use a phrase such as #aunty3Oliveu>cle4&palomino$$. To remember: My third oldest aunty dislikes olives and my 4th uncle likes expensive horses. Throw in some characters to help create a stronger password.
Cyber security tips for employees working from home
Take the following tips into consideration for your remote workforce:
Develop a remote work policy specifically for the pandemic. Consider developing a new, written work from home policy that goes into effect only during the current pandemic. This policy can account for all special considerations that differ from your original policy, which you may need to revert to once the pandemic ends.
Connect to a virtual private network (VPN) if possible. A VPN can provide a direct connection to the organization's normal applications, as if the employee were connected directly to the organization's network. This can hide the user's IP address, encrypt data transfers in transit and mask the user's location. If the organization already has a VPN, ensure that it can handle the extra bandwidth from the sudden influx of new remote users.
Ensure software is updated. All devices being used for work should be secured with up-to-date firewall, antivirus, anti-malware and data encryption software.
Enforce basic cyber security practices. Reinforce the importance of basic cyber security practices, such as using strong passwords and connecting to a hot spot or encrypted web connection instead of public Wi-Fi.
Train staff on how to detect a phishing attack. Educate staff on how to recognize a phishing attempt, such as emails that request private information, use a generic introduction rather than your name, have spelling errors or use a suspicious email domain.
Avoid using removable media. The use of removable media such as USBs, SD cards and discs may expose valuable resources to malware and virus replication. Never use removable media as the sole storage location of valuable data.
Enable multi-factor authentication. In addition to a strong password, require that employees enter a code that they receive separately (such as via a predetermined mobile phone number) if possible to decrease the risk of unauthorized access.
Limit employee access. Rather than allowing employees access to all programs and resources, grant them access to only the programs and resources that are essential to their duties.
Send contact reminders. In the event of stolen materials or identifying a possibly malicious link, the switch to remote work may create uncertainties as to how to contact the IT or cyber security team. Send your employees a reminder with the proper contact information for IT-related questions or concerns.
October is cyber security month. But every month should be cyber month for all organizations. Take the time to implement best practices into your company. Cyber security is a serious issue for your organization and its employees. As such, it’s important that you recognize potential vulnerabilities and take steps to prevent a cyber attack on your workplace.
For more information on cyber security and working from home, contact Reliance Insurance Agencies, Ltd. today.
Resources for Secure Password Protocols
Reliance Insurance: How to protect your company when cyber attacks happen from within an organization
*Stats provided by LastPass: Psychology of Passwords 2021
Some content was originally published by Zywave (with permission)