Results from a recent survey conducted by OneLogin show that staff don’t pay much attention when it comes to user access and information security. As a matter of fact, 13% of the 1,022 employees surveyed were willing to let their colleagues use a device that could access their company’s network. More worryingly, 10% allow their partners and even children to use the device.
Sharing passwords shouldn’t be the normal procedure
When asked about password sharing, 20% of respondents admitted to sharing their work email passwords, and a further 12% share passwords for other work applications. Given this, it shouldn’t be surprising that nearly half of all employees are unaware of their company’s policies on password sharing and user access. This communication gap clearly weakens the company’s security.
More than half of companies reported security incidents caused by employees
As reported in the Managing Insider Risk through Training & Culture report, 55% of organizations had a security incident maliciously or inadvertently caused by their employees last year. “Security breaches are a near-daily occurrence in the news,” said Alvaro Hoyos, Chief Information Security Officer at OneLogin. “Given that it takes only one compromised account to lead to a breach, these lax security practices are troubling.”
Mitigate the insider threat
To get to the root of the problem, here is a selection of tools and resources that can help any company mitigate the risk posed by insider threats:
- Adopt a bring your own device (BYOD) policy – give your employees clear rules and procedures for using their own devices for business. The BYOD Policy Template Toolkit contains customizable policy templates and implementation guidance to help structure and manage the BYOD policy in any organization. Read more >>
- Implement access controls and administrative privilege management – restrict access to the most sensitive information to employees who need to access it to perform their daily tasks and no one else. You should also limit special access privileges, such as administrative accounts, to a restricted number of your staff only. This is one of the five requirements mandated by Cyber Essentials, a UK Government-backed scheme to help companies improve their cyber security posture. Read more >>
- Adopt a further level of authentication – to mitigate the problems raised by password sharing, adopt two-factor authentication (TFA) or multifactor authentication (MFA). Read more about this in the book Two-Factor Authentication >>
- Increase information security staff awareness – close the communication gap by sharing security policies, procedures, and best practices to follow in order to keep users and the whole company secure. The IT Governance Staff Awareness e-learning courses can be customized to incorporate corporate branding, policies, and specific instructions. Read more about e-learning courses >>