Human Factor in Cyber Security: Why Passwords Are Often Compromised

The price of human negligence

We get it: coming up with a complex password is torture, while waiting for the program or the OS to finish updating interrupts the workflow. But no matter how annoying they are, neglecting them is a serious security risk and one mistake – such as clicking on a link in an unidentified email or sharing sensitive data with unauthorized people – is enough for the company’s work to be flushed down the toilet. So, it’s not surprising that in Kaspersky’s report all major fears regarding corporate cyber security are related to human error, with the leading concerns being the inappropriate sharing of data via personal mobile devices, the physical loss of company equipment, and the misuse of IT resources.

And the sad thing is that companies are worried about improper employee behavior for very good reasons. Not only did the same study highlight that the actions of careless or uninformed coworkers are the second most likely cause of corporate cyber security incidents, but it also turned out that when such an unfortunate event occurs there is a 46% chance that company data is leaked, impacting the business’s reputation and potentially costing money in reparations.

What’s even worse, however, is that many employees act incredibly irresponsibly. For instance, in cases when the company applies the Bring Your Own Device policy – which is more widespread in SMBs – the chances of the inappropriate data sharing occurring rises by 47%. But dishonesty is also a major concern: according to Kaspersky, employees are so afraid of retaliation from the higher-ups that no matter how grave the situation is 40% of offenders will try to cover up cyber security incidents.

How to improve the password hygiene of companies

Granted, this situation we’re describing may seem quite dire but, thankfully, improving the overall cyber security of businesses is something that only requires a bit of attention from employers and employees alike. In fact, the whole process can be started with one of the smallest components that constitute proper cyber security: the password.

Saying it again and again and…

Raising awareness for the importance of cyber security is integral for any business and this can best be achieved by training employees frequently. In fact, employers should always emphasize beneficial actions such as installing updates as soon as possible, never turning the antivirus off, keeping passwords hidden from third parties, and reporting any issues immediately. This will help them to realize that this is the best way to ensure that no cyber security incidents will occur in the future.

Proper password policies

Even though many companies have password policies that explain how employees can avoid cyber security incidents, they are usually worded in such a way that not even the most intelligent of employees could understand what the primary requirements are. As such, a good company password policy should always explain the basics of proper password hygiene in a simple and straightforward manner, specifying elements like the length and complexity of the password, how frequently it should be changed, and what the consequences will be should the employee fail to comply with the rules.

Business password managers

Memorizing strong and complex passwords all the time can be challenging, so it’s more than appropriate to acquire the assistance of a handy tool like a business password manager. As a matter of fact, corporate password management programs are even more advanced than software meant for individuals. Not only are they equipped with everything a password manager should – such as military-grade encryption, multiplatform support, or the autofilling of credentials – but they also provide useful enterprise features like the unlimited sharing of credentials within a safe environment, the creation of customizable password policies, and an effective way to separate personal logins from business related ones.