How much do you expect of your employees when it comes to online security? In the age of computer automation, employees are increasingly managing their responsibilities online, from blogs to collaboration tools, marketing automation, and CRM. With the integration of online properties comes an increase in company profiles tied to those properties. And while the programs themselves may bolster workforce productivity, remembering and resetting connected credentials can be a time drain.
Employees, striving for convenience and productivity, often revert to writing down their logins. It may be in the form of a sticky note “hidden” under a keyboard or an Excel spreadsheet with each URL, username and password precisely recorded and saved to their desktop. And, while the convenience of such actions is inarguable, the security implications are significant. According to a 2016 Data Breach Investigation Report from Verizon, “63% of confirmed data breaches leverage a weak, default, or stolen password.” 1
This is particularly troublesome as employees are the first line of defense when it comes to maintaining a company’s online security. To complicate matters further, with the rise of BYOD, companies are at an increased risk of losing valuable company information through simple mishaps such as lost or stolen devices (particularly if these devices are not secured with passwords or passcodes) or unexpected employee turnover without the immediate revocation of credentials. According to a 2016 national survey conducted by the Pew Research Center, “84% of online adults rely primarily on memorization or pen and paper as their main (or only) approach to password management. In addition, 25% admit to using simple and less secure passwords to assist with memorization.” 2
Companies are aware that breaches can undermine customer trust and endanger revenue growth, but they often handle such matters in a counterproductive manner, implementing mandatory periodic password resets, which prove to be time-consuming and costly. When consistently required to reset passwords, particularly with specific strength requirements, employees often revert to unsafe storage practices or they simply forget their passwords. According to the Gartner Group, between 20 and 50 percent of all help desk calls are for password resets. Forrester Research states that the average help desk labor cost for a single password reset is 70 dollars. 3
In accordance with the NIST 2017 standards, however, “verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.” 4
Rather than focusing on a fix, companies should focus on eliminating the problem. Elimination can be achieved with the implementation of RoboForm for Business. RoboForm automatically saves passwords, storing them in a unique protected vault, encrypted with AES-256 encryption. Users create their own Master Passwords, and only they know the password to their vault. A user’s Master Password is never stored on RoboForm servers, and multi-factor authentication is included as an option. Company-owned RoboForm data can be securely shared with other employees using public-private key cryptography. This ensures that employees can only access RoboForm data assigned to them, using their own Master Password and with the permission levels company admins set for them.
RoboForm’s powerful yet simple-to-use Management Console allows companies to create, deploy, and manage all employee accounts, while secure sharing gives company Administrators and Group Managers the tools needed to distribute credentials to groups or individual users in a simple, timely, and cost-effective fashion. Calculate how much RoboForm can save your business and experience the benefits today by signing up for a free 14-day trial.
Sources:
1. http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
2. http://www.pewinternet.org/2017/01/26/americans-and-cybersecurity/
3. http://www.mandylionlabs.com/PRCCalc/PRCCalc.htm
4. https://pages.nist.gov/800-63-3/sp800-63b.html