Centrify, a leading provider of Identity-Centric Privileged Access Management solutions, revealed the results of an onsite poll conducted at RSA Conference 2020, held last week in San Francisco. The survey asked conference attendees about their cyber hygiene habits at work to determine how much of a threat they posed to their organization’s overall cybersecurity, ultimately revealing that employees themselves pose the largest threat.
Nearly 60% of respondents correctly identified employees as the largest threat to their organization’s security, followed by hackers (23%) and third-party vendors/partners (18%).
Additional poll findings further validated why employees pose a cybersecurity threat in the first place:
● 40% of respondents have tried to bypass a corporate security policy at work
● Nearly 1 in 4 respondents (23%) use the same passwords for work and personal accounts, defying industry best practices
● More than 1 in 5 respondents (21%) still store passwords on their phone, computer, or in a printed document, violating industry best practices
“81% of hacking-related breaches leverage stolen and/or weak passwords, according to Verizon’s Data Breach Investigations Report. All it takes is one employee using a weak password to open the doors,” said Torsten George, Cybersecurity Evangelist at Centrify. “That’s why every organization should enforce frequent password changes and use single sign-on (SSO), and privileged credentials should be stored in a password vault.”
On a positive note, the poll also revealed that less than 15% of respondents reported having previously shared their work login credentials or used someone else’s login credentials at work.
The poll results illustrate that every employee has an important role to play when it comes to protecting their organizations from cybersecurity threats. Simple best practices to help reduce the risk of being compromised include:
• Make Your Password as Strong as Possible: Passwords should contain a mixture of upper and lowercase letters, numbers, and special characters. Using a password manager will help create long, difficult passwords and manage them for you. In the case of a known data breach, change your password immediately. Passwords for privileged accounts should be rotated every time they are checked back into a password vault.
• Implement MFA on All Accounts: Multi-factor authentication (MFA) requires users to confirm their identity with another factor other than just a username and password, adding an extra layer of security. Centrify also announced support for passwordless authentication using biometrics, such as Windows Hello and Apple’s Face ID and Touch ID.
• Don’t Take the Phish Bait: It’s not always emails that are used to hook you; increasingly, it’s text messages and other messaging platforms. The first step in stopping phishing attacks is training employees to recognize, avoid and report any suspicious emails or messages, and conducting periodic simulations of phishing attacks. Vigilance is still the best defense.