Cybersecurity policies and procedures are effective only if they're followed, and studies continue to show that security best practices are routinely ignored. It's time for a better approach.
Password management best practices stress the need for every employee to use a different strong password for every system they access within the enterprise. It is a basic principle that has been emphasized over and over by every IT professional and cybersecurity expert who has ever been asked to write organizational security policy. Yet despite all this effort, employees still ignore the rule and greatly increase the exposure of business networks everywhere.
A June 2018 survey by OpenVPN reveals that 25% of employees admit that they use the same password for every enterprise system they access on a regular basis. That percentage is likely to be higher if you consider the number of respondents too embarrassed to admit to such a security violation. Ironically, the same Cyber Hygiene Study 2018 reports that 60% of employees also cite the threat of personal data compromise as their top cybersecurity concern.
Reconciling employee disregard for basic password management with the very real need for better enterprise cybersecurity practices will require a major attitude adjustment by both sides of the equation. IT pros and cybersecurity experts have to acknowledge the inconvenience of trying to remember sometimes dozens of system passwords. At the same time, employees must realize their responsibility to follow best practices for creating effective enterprise-wide cybersecurity.
Clearly, IT departments' habit of emphasizing what awful things could happen when security best practices are not followed is not changing employee behavior. Perhaps it's time to take a more positive approach to cybersecurity. Employers might want to consider a program that rewards or otherwise acknowledges individuals who embrace cybersecurity policies instead of chastising those who don't.
Implementing policies and procedures that lessen the burden of remembering a dozen passwords is a good place to start. A combination of password management software and biometric authentication could go a long way toward producing a positively reinforced enterprise-wide password management system.
TechRepublic's premium sister site, Tech Pro Research, offers a potential solution with its Password Management Policy. The policy provides guidelines for the consistent and secure management of passwords for employees and system and service accounts. It can serve as a framework for developing a comprehensive, workable, and effective password management program for your organization.