Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Stop using sticky notes to write down passwords

Image Description

A majority of employees still regularly scribble work-related passwords on sticky notes, putting them at risk of cyberattacks, a new survey has warned.

The cavalier attitude towards passwords was discovered as part of the survey commissioned by Keeper Security, makers of the Keeper password manager, based on interviews with a thousand US-based employees.

Worryingly while 57% of the respondents say they have scribbled work-related passwords on sticky notes, a sizable majority (67%) also admit to losing track of these notes at some point. 

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Keeper suggests that the trend of jotting passwords on paper seems to have accelerated in the post Covid-19 remote-first work environment. The survey found two-thirds (66%) of those surveyed agreeing that they’re more likely to write down work-related passwords when working from home than they are while working in the office.

Poor password management

Despite the widespread availability of password managers, most respondents continue to store password unencrypted even when storing them digitally.

The report has several evidence of such poor password security practices. For instance, 49% of the respondents save work-related passwords in an unencrypted document in the cloud. A higher number (51%) just simply bung the password in a document that’s saved on their computers

The most popular digital means of storing the password though is the phone, with 55% of the respondents choosing to make a note of their work-related passwords on the device that’s easy to break into, or get stolen.

On top of all this, the passwords too are usually weak and easy to guess, with 37% of the respondents using their employer’s name, significant other’s name or birthday in a work-related password.

Another example of poor password management is that 44% employees admit to using the same password for both personal and work-related accounts.

And it’s not just the employees. The survey finds that often poor password management practices extend from the top. 

Nearly half of respondents (46%) report that their company encourages sharing passwords for accounts that are used by multiple people. 

Furthermore, around 32% have admitted to accessing an online account belonging to a previous employer, which is a clear indication that many employers don’t disable accounts when employees leave the company.

"The transition to a remote working environment has led to even more reckless password management practices, which is very worrying," said Darren Guccione, CEO and Co-Founder of Keeper Security. 

"As most employees work from the comfort of their homes, they have become too comfortable with how they create, store and then share these passwords with family and colleagues. The lack of cybersecurity hygiene not only puts the individual at risk, but can also present a wide range of negative consequences for their organization. It's important to remember that following proper security guidelines in a work-from-home environment is just as critical as in an office environment."

Date

08 Apr 2021

Sources


Share


Other Blog

  • Bing receives a Microsoft-flavoured rebrand

    Rebrand looks to emphasise the role of Bing within the Microsoft family of products.

    Read More
  • Dell closing in on deal to sell Boomi cloud business

    Two private equity firms will be acquiring Boomi for $4bn.

    Read More
  • Securing BYOD in the post-pandemic world

    There have been more changes to cloud and network access during the pandemic than in the previous five years together. Personal devices accessing corporate networks increased 20% in 2020, creating new complexity and increasing risk. New approaches to work are making IT rethink policies and cybersecurity practices for end-user devices. Many of these new policies are more lenient, allowing more and different devices to be used, but they also are creating more chaos.

    About the author

    Chris Cochran is Director and Cybersecurity Advocate at Axonius.

    More than 80% of IT professionals believe workers are violating their company’s rules, inadvertently or otherwise, leaving them blind to about 40% of the end-user hardware accessing their networks. As BYOD environments become more diverse and more complex, it opens the door to more security concerns because traditional IT tools don’t produce accurate device inventories, which are needed to ensure security and compliance.

    BYOD, WFH, and the new normal today

    An increase in personal devices - representing a multitude of brands, versions, and operating systems - substantially complicates security practices. It’s a struggle to implement all the necessary security configurations or determine the status of end-user device compliance. Likewise, work-from-anywhere approaches add to complexity. Corporate networks must now extend beyond headquarters’ and even brand offices to include access points from anywhere in the world.

    During asset management audits, many companies rely on their configuration management database (CMDB) to survey the condition of endpoints accessing corporate infrastructure, but it only produces a static, moment-in-time count, and it’s a daunting task to complete. BYOD connections often are short-lived episodes - this snapshot approach can easily miss the large segment of users who randomly connect and drop from their own devices.

    For compliance issues, specialized tools such as endpoint agent queries are commonly used to determine the version of installed anti-virus software on known devices, but they don’t pinpoint the ones without any protection, and these are the devices that pose the greatest threat. Attackers target unprotected personal devices and, once compromised, the malware on these devices can infiltrate corporate infrastructure and potentially gain access to sensitive data.

    Without an accurate understanding of the devices on the network and their status, it’s hard to certify that your organization is secure and adhering to industry standards, such as NIST or CIS Benchmarks. BYOD monitoring and enforcement must evolve to keep pace with increased access by more uncontrolled devices that are often using untrusted networks.

    Shoring up end-user device practices

    Definitive, actionable practices are the foundation of good end-user device security. The first step is to ensure your company’s policies incorporate the NIST BYOD security guidelines, such as requiring passwords and authentication on all end-user devices, and mandating that users keep software and anti-virus applications up to date. Knowledge can be empowering as well, so employees should be trained, and consistently reminded, on the protocols to connect safely. Limiting user access to resources on a need-to-know, zero-trust basis can help protect networks from attacks unintentionally initiated by compromised end-user devices.

    Looking inward, an organization’s technology team needs to examine its own internal processes and work procedures. Today, security and operational IT staff often function as independent entities with vital data siloed within isolated departments. As BYOD becomes more complex and ubiquitous, security and IT groups need to share information and resources to track who is connecting to the network and the condition of those devices. Analysts suggest considering the emerging field of cyber asset attack surface management (CAASM) as a way to manage complexity. This approach involves aggregated data that allows IT and security teams to share a credible and always current asset management inventory without the time-consuming manual effort, quickly uncover coverage gaps, and more efficiently validate and enforce policies.

    Post-pandemic social and business dynamics are reshaping the workplace, resulting in increased complexity and BYOD security concerns. The key to effectively managing this will be maintaining visibility into the status of any device that touches the corporate infrastructure, at all times, with new CAASM tools that close the growing visibility gap. In the “new normal” world, this more effective approach can provide much-needed BYOD oversight and reduce the IT workload as part of a larger cybersecurity management program.

    Read More
  • Pentagon cancels Microsoft's huge JEDI cloud contract

    Pentagon scraps $10 billion contract and begin anew after prolonged legal battle.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us