Why company security isn't just an IT problem

(Image credit: Natty_Blissful / Shutterstock)

They say a chain is only as strong as its weakest link; when it comes to cybersecurity, the weakest link in your organization is your corporate passwords.

For IT admins, data security is always top of mind, while other departments may not feel the same sense of responsibility or even know how to approach cybersecurity.

Fostering a strong security culture at work is key, which means empowering employees to do their part in keeping company data secure and making it easy to stay on top of—with the right tools.

About the author

Jay Leaf-Clark is Head of IT at Dashlane

So, how are things at work?

It’s useful to know how much employees value cybersecurity. According to a recent survey, 59% of U.S. workers said they are more concerned about safeguarding personal accounts than business accounts. How does this affect their behavior? A total of 30% of respondents said they reuse business account passwords, while 22% said they recycle personal passwords for business credentials. 

People also tend to think their security habits are better than they are; 69% of people surveyed gave themselves grades of As and Bs for protecting their online accounts, yet 65% reuse their passwords for multiple accounts. And on average, employees reuse passwords across 16 work accounts.

This may sound like a big hurdle to overcome, but there is good news: 79% of respondents said they take some personal responsibility for the company’s overall security. This likely means that employees want to do their part to protect company data, but may be resistant to changing their existing habits or haven’t recognized the importance of their role in the defense against security breaches. 

Security solutions are not a one-stop shop

You may have already attempted to implement company-wide security practices to no avail. Commonly, this is because of a few reasons: 

Employees sidestep company requirements for password storage
The pressure to complete a task at work often overrides the pressure to adopt security solutions, especially when your boss is asking you to get something done by yesterday. Adopting new password habits can interrupt ingrained workflows, even if it is far more effective in the long run. Employees disregard password security solutions to save time and simplify their workdays by relying on habit.

Employees don’t feel like they’re part of the solution
Members of the company might assume that certain software used by an organization is protection enough against hackers and breaches. Cybersecurity solutions such as endpoint threat detection and response, network firewalls, and vulnerability assessments may provide protection for your network and devices, but all a hacker needs are corporate credentials to gain access to sensitive data. In fact, weak and compromised passwords are the main cause of hacking-related data breaches.

Your security solution doesn’t include maintenance and follow-up
Even if you teach employees how to secure passwords, you also need to make it easy for them to follow best practices. While many employees understand that certain ways of sharing and storing passwords are not secure, the habit of storing credentials in spreadsheets or sharing them via email is still widespread. 

The times: they are a-changing
Despite companies investing in cybersecurity, nearly 3,000 publicly disclosed breaches exposed 36 billion records during the first three quarters of 2020. The digital landscape continues to introduce new, unprecedented risks, and implementing a risk-based security program with a password manager is the only way to ensure you’re addressing the security priorities that will have the most impact on protecting your business. That’s why password managers are critical—if your passwords aren’t secure, nothing is.

Three easy ways you can make employees part of your company’s security solution:

Help them understand how their behavior impacts the company’s data privacy and security
We didn’t invent the “weakest link” analogy, so feel free to use it to drive this point home: When it comes to cybersecurity, anyone’s actions can make or break the effectiveness of even the best of best practices. It’s up to everyone at the company to keep corporate passwords safe. 

Educate them about best practices that help protect them and the business
It’s 2021—we’re not using sticky notes or spreadsheets to record our passwords anymore. Password managers offer comprehensive security solutions to nip these bad habits in the bud. The more familiar employees are with the dos and don’ts of cybersecurity, the more likely they are to follow them. 

Give them the tools that make it easy to follow best practices without disrupting their productivity
The goal of developing a cybersecurity strategy with a password manager is to set up and maintain the cyber-health of your business and its people, partners, services and products. 

A business password manager makes it easy for everyone to safely and securely access your network and share data. Perhaps even more importantly, it should host features that empower employees to become active participants in your company’s security, while giving admins the tools they need to understand and improve password security. It is imperative that businesses wanting to avoid being the next headline of a breach immediately put into a place a robust process to audit, standardize, and continuously monitor the safety and security of the credentials within their organizations.

Jay Leaf-Clark is Head of IT at Dashlane