Passwords can pose a real threat to a company's security, and breaches grow in number and complexity each year. According to a new report, nearly half of businesses are struggling to quantify their own level of password risk.
Methodology
The password manager LastPass anonymised and aggregated data from more than 43,000 organisations that use LastPass as their business password manager. Compared to last year's report, the data set has grown significantly and has thus enabled a more precise overview of password management.
The larger the company, the less secure
Businesses with fewer than 25 employees had the highest security score of 50, while organisations with over 500 employees displayed much lower scores. Quite simply, more employees means more passwords and unsanctioned apps.
In addition, a bigger company invites more opportunities for risky password behaviours. Within these larger businesses, it is simply more challenging to ensure that all employees uphold strict cybersecurity standards.
Password sharing and recycling are prevalent
According to the report, any given employee shares an average of six passwords with their co-workers. This is a slight increase on last year's data, which indicated that an employee shares approximately four passwords.
LastPass indicates that employees often resort to weak-but-memorable passwords and insecure sharing methods for the sake of efficiency. However, sharing is not necessarily the issue: "employees don't need to stop sharing – they just need a secure way to do so."
Mixing business and pleasure is also a prevalent issue. The findings indicate that 43% of the top 340 domains employees use are also popular consumer apps.
A shocking 50% of people do not create different passwords for their personal and work accounts. As teams become more distributed and tech-dependent, "the ability to protect, track and audit shared passwords is more important than ever."
The tech industry is the most secure
The technology sector had the highest average security score (53). LastPass suggests that this is a result of GDPR, but many tech giants are still failing to comply with the new European privacy rules.
Surprisingly, heavily-regulated industries like Banking, Health, Insurance and the Government lack commitment to password security. A recent report from Gartner also found that just 65% of organisations currently employ a cybersecurity expert.
The state of multifactor authentication
Multifactor authentication remains an industry best practice for protecting an organisation. According to the findings, 45% of businesses are currently using multifactor authentication.
This is almost a two-fold increase on last year's 24.5%. Companies with 25 or fewer employees had a 41% adoption rate, while organisations with more than 10,000 employees had a usage rate of just 3%.
Passwords will continue to be a challenge in the workplace
"Passwords continue to be a challenge to cybersecurity in the workplace, and attacks continue to grow in number and complexity every year," according to Gerald Beuchelt, Chief Information Security Officer at LogMeIn. He added that "Despite these threats, businesses have struggled to quantify their own level of password risk."