Give CISOs the means to enforce password security.

As the number and severity of cyberattacks increase year by year, it seems companies aren't learning the lesson and tightening their security policies. Weak passwords and careless habits are all too common, and businesses need to redouble their efforts to mitigate this. However, more often than not, companies cannot assess how much they are at risk, even if they have password managers. Why? They don't know how effective their policies are. They seem oblivious to their employees' password conventions. They lack comparative data on the performance of companies of a similar size, industry, or location. To address these issues, we surveyed 43,000 large and small organizations across industries using the LastPass password manager and analyzed their employees' password conventions. The report highlights actual password habits in the workplace, while giving CISOs and other IT professionals the information they need to benchmark how their organizations are performing against similar businesses, and thus improve the security of passwords. Businesses are exposed to a multitude of easily avoidable risks due to their insecure, generic, outdated, and possibly compromised credentials. When it comes to password strength, our data clearly shows that the majority of companies (52 out of 100 on average) have only average scores and could certainly do better, emphasizing the need for stricter policies and better cybersecurity education. Businesses of all sizes, industries, and locations are vulnerable due to password risk. This is something that all companies could and should work on to improve security.

A scale problem with size.

In a survey of 43,000 organizations, we found that the larger the company, the lower its average security score. Companies using LastPass with 25 or fewer employees have the highest average security score of 50, but this score decreases as the size of the business increases, up to a point. Companies with more than 500 employees have stagnant scores, sharing the same challenges in improving password security whether they have 1,000 employees or 10,000. At these large companies it is more difficult for IT to enforce password security standards on all employees, increasing the risk of insecure behavior. This does not mean that large companies are beyond help, as some of the best performing companies were generally large, showing that size is simply a factor that business professionals must take into account when it comes time to implement security strategies. The bigger the organization, the more difficult it is to face certain challenges, from budgets to paperwork. Small businesses still face similar challenges, but on a smaller scale. While they have fewer resources, it's easier to ensure near-perfect passwords and multi-factor authentication for all employees when the number of employees is small. Password sharing is the perfect example of a challenge that grows with large corporations. On average, a given employee shares approximately six passwords with their colleagues. Imagine the impact on a company with 100 employees. Now imagine the same for a company with 10,000+ employees. Password sharing is frustrating for employees and IT administrators alike, and users fall back on weak but memorable passwords, which have the potential to put company records at risk. As teams become more distributed and technologically dependent, the ability to protect, track, and verify shared passwords is more complicated and more necessary than ever.


Cybersecurity: a problem without borders

Technology and nonprofit organizations had the highest security scores, followed at some distance by retailers and insurers. Given the need to comply with privacy and data protection laws and the technical nature of this sector, it is not surprising that technology companies are leading the way. Even so, other highly regulated sectors such as banks, healthcare, insurance and public administrations, all of which are frequently targeted by cyber-attacks, had lower security scores, revealing an opportunity for these sectors of the economy to commit to strengthening password security. Renowned for security and adoption of standards such as the General Data Protection Regulation, German companies rank above the world average in terms of security scores, closely followed by the Netherlands. The UK comes in sixth; even though the country has a number of very successful people, we have a lot of work to do overall. In particular, the UK leads other European countries in adopting multi-factor authentication, but ranks well below the US. Ten percent of companies using multi-factor authentication are in the UK and around 63% in the US. It is clear that despite the increasing use of this technology as a whole, many countries are lagging behind in this security trend.

A step in the right direction.

Improving overall security is a work in progress, but regardless of size, industry, or location, all organizations need to take steps to improve password management, and we're already seeing a positive selection of password management companies. We found that within a year of setting up a password manager, most companies increased their security score by almost 15 points on average. For companies considering establishing a password manager or trying to measure the strength of their own passwords for board reports, this report should serve as a useful benchmark, offering realistic goals and best practices. Password is certainly a difficult hurdle to overcome. How could you realistically measure security if you lacked detailed information on the most vulnerable areas? That's what a password manager does, while also making employees more productive and helping to improve brand perception and employee satisfaction, as businesses have the tools they need to protect themselves from future threats.

Gerald Beuchelt, Head of Information Security at LogMeIn