As the number and severity of cyberattacks increase year by year, it seems companies aren't learning the lessons of streamlining their security policies. Weak passwords and clumsy habits are all too common, and businesses need to redouble their efforts to mitigate this. However, more often than not, companies cannot assess how much they are at risk, even if they have password managers. Why? They don't know how effective their policies are. They seem oblivious to their employees' password conventions. They lack comparative data on the performance of companies of a similar size, industry, or location.
To address these issues, we surveyed 43,000 large and small organizations across industries using the LastPass password manager and analyzed their employees' password conventions. The report highlights actual password habits in the workplace, while giving CISOs and other IT professionals the information they need to benchmark how their organizations are performing against similar businesses and thus improve the security of their passwords.
Businesses are exposed to a multitude of easily avoidable risks due to their insecure, generic, outdated, and possibly compromised credentials. When it comes to password strength, our data clearly shows that the majority of companies (52 out of 100 on average) perform at an average level and could certainly do better, emphasizing the need for stricter policies and better cybersecurity education. Businesses of all sizes, industries, and locations are vulnerable due to password risk. Reducing that risk is something all companies could and should work towards to improve security.
A problem that scales with size.
In a survey of 43,000 organizations, we found that the larger the company, the lower its average security score. Companies using LastPass with 25 or fewer employees have the highest average security score of 50, but this score decreases as the size of the business increases, up to a point. Companies with more than 500 employees have stagnant scores, sharing the same challenges in improving password security whether they have 1,000 employees or 10,000. At these large companies it is more difficult for IT to enforce password security standards on all employees, increasing the risk of insecure behavior. This does not mean that large companies are beyond help, as some of the best performing companies were generally large, showing that size is simply a factor that business professionals must take into account when it comes time to implement security strategies.
The bigger the organization, the more difficult it is to face certain challenges, from budgets to paperwork. Small businesses still face similar challenges, but on a smaller scale. While they have fewer resources, it's easier to ensure near-perfect passwords and multi-factor authentication for all employees when the number of employees is small.
Password sharing is the perfect example of a challenge that gains momentum in large corporations. On average, a given employee shares approximately six passwords with colleagues. Imagine the impact on a company with 100 employees. Now imagine the same for a company with 10,000+ employees. Password sharing is frustrating for employees and IT administrators alike, and users resort to weak but memorable passwords, which can put company records at risk. As teams become more distributed and technologically dependent, the ability to protect, track, and verify shared passwords is more complicated and more necessary than ever.