For many tech leaders and IT departments, the coronavirus pandemic and ensuing shift to remote work brought cybersecurity vulnerabilities to the forefront. Many employees, however, haven’t taken steps to shore up their online security — even if they know they should.
LastPass, an online password management platform, conducted a Psychology of Passwords survey of 3,750 professionals around the world. What they found should spur action among company IT leaders to strengthen protection of company data.
When it comes to online security, the professionals surveyed generally know what they should do but don’t always do it.
- 92% acknowledge that using the same password or a variation is a risk
- 79% agree that compromised passwords are concerning
However:
- 65% always or mostly rely on the same password or variation
- 45% did not change their passwords in the past year even after a breach had occurred
- 83% did not know whether their information was on the dark web
Surely people understand that some accounts require more security than others, right? Well, sort of. Only about one-third of those surveyed create stronger passwords for work-related accounts. Nearly half said they hadn’t changed their online security habits, nor did they strengthen their work passwords, since working remotely. And 44 percent admitted they had shared sensitive information or work account passwords while working remotely.
Lax IT policies may contribute to employees’ lack of cybersecurity awareness:
- Only 35% of employers made employees update their passwords regularly after transitioning to remote work. The same percentage enhanced authentication methods for remote employees.
- 39% of employers ensured employees accessed the company network via secure channels.
Education is the first step in securing your company’s data. One of the top reasons professionals surveyed gave for not practicing better password management was that they didn’t consider their accounts valuable enough for hackers. Maybe your finance department can see the direct consequences of leaving their accounts vulnerable, but the marketing department doesn’t. Take time this month to show every employee that their teamwork is valued, and that they are all an important link to company data and business intelligence — which needs to be protected with secure online habits.
Here are a few suggestions to help employees create strong passwords:
- DON’T create passwords that have ties to personal or company information. Using the company’s address as a password is a bad idea.
- DO leverage nonsensical phrases, rather than single words, peppered with numbers and symbols. These make passwords longer, stronger and easier to remember — not to mention harder to crack.
- DON’T use the same password for work that you use to sign on at the gym, the bank, the library or anywhere else. A breach at any of those other entities leaves your company exposed.
- DO update passwords when notified of a security breach.
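As an added illustration (not part of the original article or any LastPass or VMware product), the sketch below shows how an IT team could check a proposed password against these suggestions at change time. The function names, substitution table, 16-character minimum and 0.8 similarity threshold are assumptions chosen for the example, and reuse is only checked against the user's previous work password.

```python
import difflib
import re

# Common character substitutions undone before comparing (constructed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lowercase, undo common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(candidate, old_password, context_terms, min_length=16):
    """Return a list of findings; an empty list means no rule was tripped."""
    findings = []
    norm = normalize(candidate)

    # DON'T tie the password to personal or company information.
    for term in context_terms:
        t = normalize(term)
        if len(t) >= 4 and t in norm:
            findings.append(f"contains context term: {term}")

    # DO use a long phrase with numbers and symbols mixed in.
    if len(candidate) < min_length:
        findings.append(f"shorter than {min_length} characters")
    if not re.search(r"\d", candidate) or not re.search(r"[^\w\s]", candidate):
        findings.append("no digit or no symbol")

    # "Same password or a variation": compare normalized forms so that
    # changing only a trailing digit or symbol is still caught.
    old = normalize(old_password)
    if old and difflib.SequenceMatcher(None, norm, old).ratio() >= 0.8:
        findings.append("variation of the previous password")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs; the address and passwords are made up.
    terms = ["1200 Main Street", "Acme Corp"]
    for pw in ("1200MainStreet!", "Summer2024?", "purple7 tractor! sings quietly"):
        print(pw, "->", check_password(pw, "Summer2023!", terms) or "ok")
```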
Utilizing VMware’s Workspace ONE is another way to step up your organization’s security. The digital workspace platform offers single sign-on, meaning employees only have to remember one master password to access the files and apps they need to do their job. This helps workers overcome a top roadblock when it comes to choosing passwords: 68 percent said they reuse passwords because they are afraid of forgetting them. Workspace ONE also employs Zero Trust security to verify every endpoint and end user that attempts to access the network.
Tech Orchard can help you go further in securing your organization’s data by creating mobile device usage policies, which could include guidelines on how often passwords are required to be changed at work. These policies also lay out best practices and expectations that allow your IT team to feel more confident in the company’s overall security.
October is Cybersecurity Awareness Month, which is an important reminder to review your company’s policies and rectify any potential vulnerabilities. Contact Tech Orchard to talk about Workspace ONE, mobile device usage policies or other best practices for keeping your data secure.
