As any business leader knows, digital transformation has been a predominantly positive force in the global economy over the last decade. We’ve seen entire industries born online and widespread change across traditional industries. Despite this, the digital age poses several massive security risks for businesses—data breaches, malware and identity theft being among the top issues reported.
One of the most obvious and common protections against these issues is strong password management, including a policy on periodic password expirations. There are several factors within an organization’s cybersecurity strategy that can impact the level of password security. However, password security is no longer the most effective approach to achieving data protection. Multi-factor authentication has become the industry standard. In fact, Microsoft recently deemed periodic password expiration “ancient and obsolete”, recommending instead that businesses implement multi-factor authentication and zero tolerance of weak passwords.
At Grade A, we know that some businesses succeed more than others in the arena of data security. Why? What are the factors enabling businesses to implement and maintain the best data security practices? If passwords are still part of your IT model, how can you quantify your business’s level of password risk?
Password Security – There’s a score for that!
The 2018 Global Password Security Report by LastPass Enterprise provides password security benchmark scores classified by geography, industry and business size. These scores can help you understand where your business may land on the password security spectrum. The report scores password strength based on several factors, including length, complexity and re-use of passwords. It surveys 43,000 businesses, averaging their scores to create a series of password strength benchmarks.
The benchmarks are categorized as follows:
- 0 to 39: Poor password security
- 40 to 64: Fair password security
- 65 to 89: Good password security
- 90 to 100: Exceptional password security
Are smaller businesses at an advantage?
Surprisingly, larger organizations struggle to succeed at data security. It proves to be more challenging for them due to constraints such as varying priorities amongst management, budgets and training limitations. Despite having fewer resources and tighter budgets, small organizations are consistently achieving an above-average score of 53, according to the 2018 Global Password Security Report. A small staff means fewer passwords, fewer unsanctioned apps, and fewer opportunities for risky password behaviour. But despite smaller businesses being more likely to succeed at password management, multi-factor authentication is still the safest and most reliable option for data security.
How to become a leader in data security
A key pain point in the data security of businesses is the personal security habits of employees. 43% of the top thirty websites used by employees are also popular consumer apps, and 50% of employees fail to create different passwords for personal and work accounts. While business leaders should encourage consistent password security practices amongst employees, the best defence against these habits is mandatory two-factor authentication. This removes the onus from the employee to create strong passwords, and instead creates a security barrier using a second, unrelated device such as a mobile phone. Implementing a password management tool can also have a profound impact on your business’s overall password security. On average, businesses that implement a password management tool see an increase of 15 security score points in the first year of use.
If you’re looking to improve your company’s data security efforts and keep your most vital information safe, Grade A can help. Book your technology consultation today!