Despite continuous reminders, security at work remains vulnerable and one of the primary reason for this comes down to password management. Weak passwords are easy to hack and this not only brings with it cybersecurity issues from external threats, it also weakens the integrity of data held within the firm.
Considering issues related to passwords for Digital Journal is Manoj Srivastava, General Manager of ID Agent and Graphus. Srivastava is keen to highlight the importance of education on proper password habits to ensure better protection against cyberthreats.
Srivastava places a great deal of responsibility in the hands of the IT department, noting: “IT professionals need to take a closer look at the security of their environment. Though having the right security solutions in place is crucial, it’s often the small habits that can make or break an organization’s security posture.”
Without the right culture of compliance, risks to data increase. As Srivastava points out: “One of the most important things an organization can do is foster a security-first culture that provides employees with the “why” behind aspects like multi-factor authentication (MFA) and frequent password changes that can often seem like a hindrance to their productivity.”
These attitudes need to be overcome and the best way to do this is through regular reminders about the importance of data protection. Srivastava advises: “Short, frequent security awareness training around topics like the importance of strong passwords and why to use a password manager can help break employee bad habits that threaten the entire IT environment.”
Before launching into a radical culture revamp, time needs to be taken assessing the core issues and working out what is available in terms of systems and the willingness of people to use such systems.
Srivastava continues: “When assessing their technology stack, IT professionals should look for identity and access management (IAM) solutions that combine single sign-on (SSO), MFA and password management to ensure better protection against cyberthreats.”
Srivastava further recommends: “Organizations should discourage reuse of passwords and set strong password requirements for the solutions that employees use daily to avoid the use of some of the most common passwords like 123456 or password—which unfortunately are still frequently used, according to data from ID Agent.”
Weak password does not always mean length and the characters used, it also means the guessability, and driving up the culture of compliance can start here.
