Keeping passwords and other sensitive information, such as personal details, safe from outside intruders is a priority for every business. Even when outsourcing document scanning tasks to a document scanning company, the organization should ensure that the company it partners with complies with all security regulations and follows best practices. In spite of concerns over privacy and data protection, many individuals and businesses still fail to put adequate security practices in place.
Yubico, the leading provider of hardware authentication security keys, has released the 2019 State of Password and Authentication Security Behaviors Report, conducted by the Ponemon Institute. For the study, the Ponemon Institute surveyed more than 1,760 IT and IT security practitioners in the UK, US, Germany and France. The survey revealed the following findings:
- More than two-thirds of employees (69%) share passwords with colleagues in the workplace to access accounts and 51% of employees reuse an average of five passwords across their business and personal accounts.
- 63% of respondents said that they have become more concerned about the privacy and security of their personal data than two years ago. The data that respondents are most concerned about include Social Security number or citizen ID, payment account details and health information. The reasons for the concern about their privacy are government surveillance (59%) and the growing use of mobile devices (51%) and connected devices (40%).
- 47% of respondents said that their companies are most concerned about protecting customer information and 45% of respondents said that they are most concerned about protecting employee information.
- 51% of respondents have experienced a phishing attack in their personal life, while 44% of respondents have experienced a phishing attack at work. Even though phishing attacks are occurring on a frequent basis, 57% of respondents who have experienced a phishing attack have not changed their password behavior afterwards.
- Added protection beyond a username and password, in the form of two-factor authentication (2FA), is not used extensively. For instance, 55% of respondents do not use it at work and 67% of respondents do not use any form of two-factor authentication in their personal life.
- The poor security practices of employees incur additional, unnecessary costs. On average, respondents report spending around 12.6 minutes each week, or 10.9 hours a year, entering or resetting passwords. Based on the average company size of almost 15,000 employees in the research, the report estimates the cost of lost productivity and labor at an average of $5.2 million per company per year.
- Because managing passwords can be inconvenient and complicated, 57% of respondents expressed a preference for password-less logins that would help protect their identity, and 56% of respondents believe that a physical hardware token would offer better security.
Yubico says the aim of this study is to understand the beliefs and behaviors surrounding password management and authentication practices for individuals in the workplace and at home. The outcome is that, in spite of increasing concerns about online privacy and protection and a better understanding of security best practices, individuals and businesses are still falling short. They need effective solutions that offer both added security and convenience. The following password management best practices can help both individuals and organizations strengthen their security against current threats.
- Adopt strong passwords or long passphrases
- Avoid changing passwords frequently; instead, change a password only when there is a potential threat or compromise.
- Maintain a password blacklist so that users cannot choose known-weak or previously compromised passwords
- Apply two-factor authentication for all accounts
- Add advanced authentication methods, including biometrics (logging into an iPhone using a thumbprint with Touch ID, or authenticating on a Windows 10 PC by looking at it with Windows Hello facial recognition) and behavioral biometrics (which build a unique profile of each user by analyzing their interactions with the system).
- Apply end-to-end encryption
- Protect the accounts of privileged users by giving them a separate login URL and allowing only a single sign-in attempt
- Secure wireless connections with Wi-Fi Protected Access 2 (WPA2), and provide a secure VPN connection to remote workers.
- Ensure continuous backups of sensitive information
- Train employees to detect and avoid phishing and other social media attacks, explain how criminals may use social engineering for cracking passwords, and encourage employees not to share information that could be exploited for attacks.
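As an added illustration of the "strong passphrases" and "password blacklist" practices above, here is a small policy check written for this article (it is not from the report or from Yubico). It goes slightly beyond the list by normalizing candidates first, so trivial variants of a blacklisted word (capitalization, leet-speak, a trailing "123!") are also rejected. The blacklist entries, the organization-specific terms and the 12-character minimum are constructed assumptions.

```python
import re
import unicodedata

# Constructed sample entries; a real deployment would load a large list of
# commonly used and known-compromised passwords from a file.
BLACKLIST_WORDS = [
    "password", "123456", "qwerty", "letmein", "welcome", "admin",
    "iloveyou", "monkey", "dragon", "football",
]

# Hypothetical organization-specific terms (company or product names) that
# staff tend to embed in passwords; an assumption, not from the report.
CONTEXT_WORDS = ["acmecorp", "acme"]

MIN_LENGTH = 12  # assumed policy: favor length and passphrases over complexity rules

# Common substitutions undone before comparison (p@ssw0rd -> password).
LEET_MAP = str.maketrans("@$013", "asoie")


def normalize(candidate: str) -> str:
    """Reduce a password to a canonical form so trivial variants of a
    blacklisted word (case, leet-speak, trailing digits/symbols) still match."""
    s = unicodedata.normalize("NFKC", candidate).lower()
    if re.search(r"[a-z]", s):              # only for passwords containing letters
        s = re.sub(r"[^a-z]+$", "", s)      # drop trailing digits and symbols
        s = s.translate(LEET_MAP)           # undo leet substitutions
    return re.sub(r"[^a-z0-9]", "", s)      # drop separators and other symbols


def build_blacklist(words) -> frozenset:
    """Normalize every entry once so each lookup is a single set-membership test."""
    return frozenset(normalize(w) for w in words)


BLACKLIST = build_blacklist(BLACKLIST_WORDS)


def check_password(candidate: str, blacklist: frozenset = BLACKLIST) -> list:
    """Return the reasons the candidate fails policy; an empty list means accepted."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    canon = normalize(candidate)
    if not canon or canon in blacklist:     # empty canon = only symbols/separators
        reasons.append("blacklisted")
    if any(word in canon for word in CONTEXT_WORDS):
        reasons.append("contains_context_word")
    return reasons


if __name__ == "__main__":
    for pw in ["P@ssw0rd123!", "AcmeCorp-2019", "Qwerty1", "correct horse battery staple"]:
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
```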
Similarly, when partnering with service providers such as document scanning companies, businesses must make sure that they have strict security measures in place.