[BreachExchange] Employees share passwords: here’s what that means for your business

Fri Jun 17 16:24:39 EDT 2016

http://memeburn.com/2016/06/employees-share-passwords-heres-means-business/

Sometimes employees feel they need to supplement their income, and a
surprising few will even go as far as sell company secrets to do so.

One in five employees say they would sell a company password to a third
party, according to a recent survey. It’s an alarming number for employers.
Here is a look at the survey’s findings, what they mean for businesses and
what businesses can do to protect their privacy.

Password management risks

A recent survey commissioned by identity management company SailPoint and
conducted by market research company VansonBourne found a number of
startling tidbits that should get business owners thinking about privacy
and security.

Among the findings: one in four respondents said they would sell their work
passwords to a third party, and 44% would do so for less than US$1000.

Further findings show that employees generally aren’t vigilant with their
passwords, a fact which could also pose risks to businesses. For example,
65% said they use a single password among applications, and one-third share
passwords with co-workers.

What it means for your business

The obvious takeaway for businesses is that policies regarding password
security should be revisited and tweaked where needed. But this stems
beyond current employees — the survey found that 40% of respondents had
access to corporate accounts even after leaving their last job.

Challenges for businesses include identifying and dealing with potentially
disgruntled employees, and doing the same with those who aren’t necessarily
disgruntled but simply careless or under-informed.

It may seem routine or mundane, but dealing with password security is the
key to keeping a businesses’ private data safe and secure.

Here’s what businesses can do

Here are five tips businesses can remember to help ensure their passwords
aren’t breached.

Never stop training

Constant training can be tedious for employees, so one good way to go about
this is to explain the personal benefits of practicing network security. In
addition to initial security training for new hires, companies should
consider ongoing training and constant reminders of things such as changing
or strengthening passwords.

Don’t forget about mobile

Most people have personal smartphones, and many are also issued smartphones
by their companies. While the ability to keep employees connected
constantly has no doubt helped productivity and communication, more devices
also means more potential security breaches. In fact, an all-lowercase
six-character password can be cracked in 10-minutes. Employers should make
sure workers take smartphone security seriously.

Assess potential risks

Some companies don’t worry about the possibility of security issues, but
rather react when an issue arises. If employers understand that their
company will likely deal with security issues at some point, the employee’s
prerogative will be to the potential fallout. One of the best ways to do
this is to plan for security, starting with a complete risk assessment.
This can help businesses develop policies that address specific risks they
might face.

Prepare a response

Once all of the potential risks are assessed, companies can then plan a
response. Many companies can set up an automated security incident response
which collects alert data, analyzes it, and triggers an automatic process
if appropriate.

Preach password protection

One way to make sure passwords aren’t sold or shared regularly is to
implement a policy that continually strengthens employees’ passwords. This
could include encouraging employees to change passwords at least every 90
days, and to never reuse a password. Generally, passwords should always be
at least eight-characters long and include a mix of uppercase and lowercase
letters along with numbers and special characters.

As the survey indicates, password security is a major and growing concern
for businesses. Following these tips can help educate employees and
decrease the risk of a security breach.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160617/67bb5497/attachment.html>