The security awareness of workers is fundamental when it comes to driving cyber secure practices at work. The impact of the pandemic and widespread shift to remote work has made it difficult for IT teams to manage the human element of security. In response, businesses are turning to identity and access management (IAM) technologies as a means of protecting themselves while keeping employees securely connected.
With so many of us working remotely over the past few months, the pandemic has blurred the lines between our personal and professional lives. What’s more, it has led to a spike in COVIDrelated fraud, whereby cyber criminals are capitalising on the crisis to harvest personal information from homeworkers. IT teams have had to rise to the challenge of how best they can bring the security habits of their workforce up to scratch and change the way they access, store and manage sensitive data.
Taking the first step to improve cyber security
Whether employees are working remotely or in an office setting, better online behaviour is needed. Users seem to understand that; however, they don’t act accordingly.
In the recent Psychology of Passwords report, LastPass found a gap between the knowledge users have about security and the actions they take as a result. In fact, 92% of Brits know reusing a password is insecure, yet an overwhelming 64% still use the same password and 48% won’t change them unless it is required.
The bottom line is that consumers know the risks and understand personal cyber security best practices but are not taking the necessary steps to secure their personal or work data.
Bringing in additional layers of security
People don’t realise how many points of entry hackers have to their lives. The average user has approximately 85 online accounts, and each account is a vulnerability point that can be breached.
To increase cyber hygiene, IT teams can take several steps:
- Secure Access: Multi Factor authentication (MFA) is an additional layer of security that can be used when logging into accounts. From biometrics to one-time codes and security questions, MFA creates a second barrier that can keep malicious actors from gaining access to personal data. Despite the extra step employees will need to take to log into accounts, the extra layer of authentication is critical, especially now that the majority of the workforce is remote.
- Enforce strong access management solutions: Part of the problem is that users continue to underestimate the risks associated with passwords. Encouraging them to use unique and strong passwords, and to store and manage them in a secure way like with a password manager, is an essential first step to protect against malicious activity.
- Eliminate passwords where possible: With more individuals working remotely, IT needs to ensure the right people have access to the right resources for security and ultimately to keep employees productive. Single sign-on (SSO) provides IT teams with more flexibility and the ability to provide employees with access to the applications required for their role, while maintaining complete visibility and control over user access.
Taking these steps considerably lowers potential issues, but organisations need to factor in the human element as well. Even after continued breaches for organisations and individuals, people seem to be numb to cyber threats. Education on cyber hygiene is paramount. Training employees on best practices and the latest cyber security risks – like phishing scams – will help raise awareness on small steps they can take to improve their security behaviours and do their part in keeping the organisation safe.
Improving cyber awareness in the new world
Improving cyber awareness requires a joint effort from workers and IT teams to ensure that their personal and professional data is secure. Technology solutions like MFA and VPNs work well as additional layers of protection, but the foundations begin with a change in an individual’s behaviours. COVID has ushered in irreversible changes to the way we work, and it’s only natural that new security practices, whether it’s additional training programmes or the application of new tools, emerge. By staying cyber aware, businesses can rest assured that employees are secure no matter where they’re working, whether it’s at home or in the office.
Author: Barry McMahon, Senior Manager of Identity and Access Management, LastPass