Managing Password Protection & Cyber-Stress

Many SMEs struggle with effective password management and cyber-stress amongst employees. Ian Pitt of LogMeIn explains how technology and staff training can relieve the burden.

By Ian Pitt

An estimated 6.3 million data records are stolen every day, breaches are constantly hitting headlines, phishing emails are rife, and employees are having to manage an increasing number of online accounts. Given this, it’s not surprising that more and more employees are suffering from ‘cyber-stress’ in the workplace.

These should be worrying signs for employers, from both a security and well-being point of view. Employers are often looking to their employees to ensure they’re at the front line of defence when it comes to cyber-security, but with work-related stress and mental illness now accounting for over half of work absences, how can they take this pressure off staff without compromising security?

The problem with passwords

Employees will often prioritize convenience over security, even if they’re aware of the risks. One of the best examples of this can be seen by observing how people approach password management. A recent study found that 59 per cent of those surveyed continued to use the same password across multiple accounts even though an incredible 91 per cent knew that this was risky practice.

Furthermore, over half (53 per cent) reported not changing passwords in the past 12 months, despite breaches in the news. With the recent Facebook hack proving that even the biggest social media players aren’t immune, it was also worrying to see that 26 per cent of European employees are using their social media credentials to sign into business accounts.

So why the lax behaviour? Probably because it’s not within our general capacity to memorize unique, complex passwords for every single online account we use, both at work and at home.

How technology can help

This is where technology can prove to be invaluable to enterprises of all sizes. For example, enterprise password managers can generate complex passwords and store them for staff, so the only password they need to remember is their master password. Employees can also securely share passwords and other confidential data with colleagues. Not only does this immediately alleviate pressure on staff, but it enhances security within an organisation.

Businesses should also consider investing in other tools, such as anti-virus software and endpoint management solutions. The way we work is changing, and security needs to evolve alongside it. As it becomes more common for employees to work outside of the office, and on multiple devices, investing in endpoint security tools should be a no-brainer. Roles and permissions should also be turned on, so employees can only access the relevant data they need to carry out their jobs. If an intern can access confidential customer details on an Excel spreadsheet then something’s going wrong with the security protocols in place.

Staff should be equipped with the tools they need to carry out their job efficiently, but also securely. And companies shouldn’t wait until a breach or threat to do something about it. 

Educate employees on best practice

While it’s important to get the right security solutions in place, any business that relies solely on technology for protection will still be doomed. After all, the best technological defences can easily be unwound by a social engineering attack.

To complement technology, IT teams should draw up guidelines of best practice to educate staff. With employees spending more time working out of the office and the lines between work and personal blurring, the guidelines should cover topics including the dangers of using public Wi-Fi and using personal devices to access business data.

Policies should also include requirements for employees to change passwords every 3-6 months, as well as advice on how to select a strong password. They should also ensure that multi-factor authentication is introduced across all work accounts. The additional factor can be anything from biometrics, such as fingerprints or iris scanning, to behavioural analytics, or a one-time code. By doing this, even if an attacker does get access to a password, they’ll still need an additional piece of information to gain entry into the account.

Looking ahead

The world of cybersecurity is constantly changing and evolving. Criminals are adapting their techniques, and enterprises are challenged with trying to stay one step ahead. Ultimately, companies should take the burden off employees by providing both technology and education, so security becomes easier and more convenient, without being compromised.

By issuing these guidelines, businesses are empowering employees with the information they need to keep company data secure, without being overwhelmed by the number of ways criminals can potentially infiltrate.

But there’s no guarantee that what protected a business a year ago will still protect it today, or in the future. This can be stressful for employees who are being viewed by IT teams and businesses as the first line of defence. Therefore, it’s crucial that companies review these guidelines regularly, and employees should be consistently trained and re-trained throughout their time at the business.

About the Author

Ian Pitt serves as Chief Information Officer at LogMeIn. In this role, he is responsible for Cyber Security, Governance, Corporate IT, Business Applications and Product Operations for the global company. Prior to joining LogMeIn, Ian held a number of CIO and CTO roles in transformational companies and has led on-prem to SaaS conversions of products and industry solutions teams on a global basis.