Driving cyber awareness is an important part of maintaining a secure online presence and protecting corporate data. The pandemic introduced newfound challenges for IT teams when managing a remote workforce and a focus on the security hygiene of workers has become more important than ever. As a result, identity and access management (IAM) tools have emerged as a key priority for companies aiming to keep their workforce secure while continuing to improve efficiencies.
The surge in remote workers has presented new opportunities for hackers to capitalise on the pandemic. Through various Covid-related scams and phishing attacks, a select group of fraudsters is targeting remote workers in an attempt to harvest credentials and other sensitive corporate information. For IT teams, the focus now rests on combatting the weak security habits of employees in an effort to improve security awareness and prevent company data from falling into the wrong hands.
Driving security awareness
Whether employees are working remotely or in an office setting, better online behavior is needed. Users seem to understand that; however, they don’t act accordingly.
In the recent Psychology of Passwords report, LastPass found a gap between the knowledge users have about security and the actions they take as a result. In fact, 92% of UK workers know reusing a password is insecure, yet an overwhelming 64% still use the same password and 48% won’t change them unless it is required.
The bottom line is that consumers know the risks and understand personal cybersecurity best practices but are not taking the necessary steps to secure their personal or work data.
Introducing new methods of protection
People don’t realise how many points of entry hackers have to their lives. The average user has approximately 85 online accounts, and each account is a vulnerability point that can be breached.
To increase cyber hygiene, IT teams can take several steps:
- Secure Access: Multifactor authentication (MFA) is an additional layer of security that can be used when logging into accounts. From biometrics to one-time codes and security questions, MFA creates a second barrier that can keep malicious actors from gaining access to personal data. Despite the extra step employees will need to take to log into accounts, the extra layer of authentication is critical, especially now that the majority of the workforce is remote.
- Enforce strong access management solutions: Part of the problem is that users continue to underestimate the risks associated with passwords. Encouraging them to use unique and strong passwords, and to store and manage them in a secure way like with a password manager, is an essential first step to protect against malicious activity.
- Eliminate passwords where possible: With more individuals working remotely, IT needs to ensure the right people have access to the right resources for security and ultimately to keep employees productive. Single sign-on (SSO) provides IT teams with more flexibility and the ability to provide employees with access to the applications required for their role, while maintaining complete visibility and control over user access.
Taking these steps considerably lowers potential issues, but organisations need to factor in the human element as well. Even after continued breaches for organisations and individuals, people seem to be numb to cyber threats. Education on cyber hygiene is paramount. Training employees on best practices and the latest cybersecurity risks – like phishing scams – will help raise awareness on small steps they can take to improve their security behaviors and do their part in keeping the organisation safe.
Improving cybersecurity among workers
Bringing security hygiene up to scratch is only possible when IT teams and the rest of the company work together. While solutions like multifactor authentication and VPNs undoubtedly add additional layers of security, improving cybersecurity starts with changing an individual’s behaviours. Widespread remote work has become the norm for many companies even as we return to normality, and raising security awareness will help to ensure that a company and individual’s information are safe regardless of where they’re working.
Senior Manager, Identity and Access Management
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.