A truism of the modern workplace is that your employees underestimate the risk that their password habits present to your enterprise. Indeed, a study of password habits by CSID in 2012 showed that more than 60 percent of respondents used the same password on multiple sites. Even worse, nearly 45 percent of those respondents said they changed their password less than once each year.
Poor password habits are the root cause of many data breaches, even when you otherwise maintain good data security. Here are five bad habits your employees should eliminate from the workplace immediately.
1. Using the Same Password Across Multiple Sites
In the CSID study, employees admitted they often used the same password because they were afraid they’d forget one otherwise. However, maintaining one password for many sites increases the risk that a single hack can compromise accounts in multiple locations and devices, including your enterprise’s network.
Even knowing the risks associated with poor password management, many employees in the study said they still felt secure doing so, indicating a lack of education about basic cyber security safety.
2. Never Updating Passwords
Many companies have begun instituting enforced password durations, where passwords automatically expire to reduce the risk of potential information security breaches. Even if your enterprise doesn’t force its employees to change their passwords, they should still do so every 30 to 45 days to reduce vulnerability.
3. Checking the “Remember Me” Option
While browsers and apps include the “remember password” option for convenience, it increases the risk of an information security breach. Even worse, you’re more likely to forget a username and password if a website remembers it for you.
4. Emailing Passwords
Temporary passwords are a great way to provide information security to ad-hoc projects and other short-term scenarios, but misusing them is not. Your employees should be taught that passwords must only be shared with those they trust—and only when absolutely necessary. Most importantly, you must ensure that short-term passwords are just that. Deactivate them as soon as they’re no longer required.
5. Not Having a Password System
Employee concerns about remembering multiple passwords can easily be solved by using a password management program like LastPass or Dashlane. These convenient tools let you quickly and easily set up multiple passwords for different accounts.
Although each of these habits has its reasons for existing, breaking them is an important component of establishing true information security protection for your enterprise. Contact us today to request an enterprise risk assessment and vulnerability assessment.