Provided by LogMeIn
When the COVID-19 pandemic hit, companies suddenly pivoted to a remote workforce. According to research from PwC, 83% of employers say that transition has been largely successful. After the global health crisis ends, however, we will enter a work-from-anywhere world in which remote work is still commonplace, but employees also come into the office as needed.
As LastPass Channel Evangelist Sid Castle explains on the Avant Technology Insights with Ken Presti podcast, making sure users have secure access to their accounts from anywhere will be a top priority in our work-from-anywhere future. Here’s why your remote workforce needs a password manager, some password hygiene best practices that will protect your business, and what to expect as the pandemic slows in 2021 and draws down in 2022.
Why your remote workforce needs a password manager
Now that so many people are working from home, IT no longer has the same level of visibility and control over network security that it once did. If any of your employees use insecure passwords and their login credentials appear on the dark web after a breach, one or more of their accounts could be compromised. Without IT’s knowledge, their work accounts — and from there, critical business data — could be at risk.
IT can prevent this from happening by using a password manager to secure access to critical applications and data. Rather than having to keep mental track of all the passwords they’ve ever created, employees only have to remember one password. This tool captures and stores all their passwords, automatically filling them in when it’s time to log into an account.
A password manager also generates strong passwords and updates old passwords, keeping them current and secure. It even helps employees securely share credentials when appropriate, avoiding the need for writing a password on a Post-it Note.
With a password manager, IT can maintain security throughout the business while still ensuring remote employees have access to the resources they need. A password manager can also teach your employees how to manage their passwords more securely and improve your organization’s overall security awareness.
Password hygiene best practices for a remote workforce
As Castle advised, you want to be sure that only authorized users are logging into your company’s information resources. These password hygiene do’s and don’ts will help your company secure access to its accounts:
- Use unique passwords. Set a unique password for each of your work and personal accounts. That way, if attackers manage to compromise one account, they won’t be able to use that same password to get into other accounts.
- Use strong passwords. A strong password has at least 16 characters including a mix of capital letters, lowercase letters, numbers, and symbols.
- Use a password manager. A password manager keeps track of all your passwords for you, storing them where only you can access them. A good password manager will also use strong encryption techniques like salting and hashing. That way, in the unlikely event that attackers stole your passwords, they couldn’t use of them.
- Use dark web monitoring. Dark web monitoring can notify you when one of your accounts has been breached so you can quickly reset the account’s password and shut the door on any attackers that might want to access that account.
- Add more authentication methods. Security measures are more effective when they include multiple layers. Use additional techniques like multi-factor authentication (MFA) and biometrics as well as geolocation and time of day to confirm that the users logging on really are who they say they are.
- Make life easier for your users. If you make your password security tools too complicated, users will find a workaround that’s not secure. Single-sign on (SSO) lets them log in once and gain access to all the other applications they need. IT can manage SSO and keep track of who’s logging on, so the business is still protected.
- Re-use passwords. Using the same password for multiple accounts or changing just one character in it instead of creating a unique password puts your overall password security at risk.
- Use weak passwords. If you can remember a password, an attacker can guess it or crack it. A strong password greatly reduces the chances of that happening.
- Share passwords. Each user should have a unique password for logging into every account at your organization.
What to expect beyond 2021
According to Castle, businesses will maximize their productivity while working from anywhere in 2022. For example, organizations will want to use a conferencing solution that features security by design. Video calls also consume bandwidth and increase costs, so businesses will likely conserve those resources where appropriate.
In light of the nearly 200% increase in cyber attacks we’ve seen during the pandemic, per Castle, businesses will take stronger steps to secure access to their accounts. Accordingly, IT should train people to identify common threats like a phishing attack and spam calls so they can do their part. This user education is key to a secure, remote workforce.
Our work-from-anywhere world is fast approaching, and businesses have a great opportunity to take advantage of all the flexibility it offers by improving password security right now.