Despite the risk that the absence of a password manager poses to an organisation, password management is often neglected. Most organisations still rely on traditional, outdated password management tools, which leads to ‘password fatigue’, and, more crucially, fail to use enterprise-grade protection for the credentials that guard the estate.
According to CyberArk’s 2022 Identity Security Threat Landscape Report, about 86% of Australian firms (compared with 68% globally) said that accelerated employee turnover over the last 12 months had caused security issues, for example through access rights that were never de-provisioned when people left.
At the same time, over half of workers in Australia today have access to a large amount of sensitive corporate data. With that data at their fingertips, attackers are turning their attention to employees’ passwords, especially poorly managed ones.
With as many as 921 password attacks occurring every second globally, it is time for organisations to treat every employee’s credentials as the operational risk they are, and to protect all workforce users’ passwords with the same security-first approach they already apply to privileged users’ credentials.
How to better safeguard workforce credentials?
There are five steps that any security team should explore to improve how it safeguards workforce credentials. Together they form a holistic, risk-based approach to Identity Security that applies privilege controls across the whole workforce, on the principle that greater complexity calls for stronger controls over how passwords are shared and transferred.
The first step is to blend intelligent authentication with a better user experience. This calls for adaptive Multi-Factor Authentication (MFA) that adjusts the strength of the authentication challenge to real-time signals about the user and the sign-in, rather than applying the same challenge to every login.
The second step is to introduce vault-based storage for workforce credentials, with flexibility in how credentials are stored, managed and retrieved. For example, an enterprise-grade tool could let a security admin store new credentials in self-hosted vaults and let users retrieve them without first connecting to a VPN.
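As an added illustration (not code from the original article or from CyberArk), the following Go program shows the core of an adaptive MFA policy: each sign-in's signals are scored, the reasons are kept so the decision can be explained in an audit trail, and the score selects the challenge, from no extra friction up to a phishing-resistant factor or an outright block. The signal names, weights, the two-hour impossible-travel window and the thresholds are assumptions chosen for the example; a real deployment would tune them against its own telemetry.

```go
package main

import (
	"fmt"
	"time"
)

// Challenge is the authentication step the policy demands for a sign-in.
type Challenge int

const (
	Allow     Challenge = iota // password alone is enough
	PushMFA                    // low-friction second factor (push or OTP)
	StrongMFA                  // phishing-resistant factor (FIDO2 or smart card)
	Deny                       // block the attempt and alert
)

func (c Challenge) String() string {
	return []string{"Allow", "PushMFA", "StrongMFA", "Deny"}[c]
}

// SignIn carries the signals an identity provider has at login time.
// Field names are assumptions made for this example.
type SignIn struct {
	User          string
	DeviceKnown   bool      // device previously enrolled by this user
	Country       string    // geolocated from the source IP
	LastCountry   string    // country of the previous successful sign-in
	LastSeen      time.Time // time of the previous successful sign-in
	At            time.Time // time of this attempt
	FailedLast15m int       // failed attempts on this account in the last 15 minutes
	IPOnDenyList  bool      // source IP in threat intel or anonymiser lists
	SensitiveApp  bool      // target application handles sensitive data
}

// Score turns the signals into a risk number plus the reasons behind it, so
// the decision can be explained and audited rather than being a bare number.
// Weights are assumptions for the example.
func Score(s SignIn) (int, []string) {
	score, reasons := 0, []string{}
	add := func(n int, why string) { score += n; reasons = append(reasons, why) }

	if !s.DeviceKnown {
		add(30, "unenrolled device")
	}
	if s.LastCountry != "" && s.Country != s.LastCountry {
		add(20, "country differs from last sign-in")
		// Impossible travel: a different country less than two hours after
		// the previous sign-in. The two-hour window is an assumption.
		if s.At.Sub(s.LastSeen) < 2*time.Hour {
			add(40, "impossible travel")
		}
	}
	if s.FailedLast15m >= 5 {
		add(25, "spray or brute-force pattern on this account")
	}
	if s.IPOnDenyList {
		add(50, "source IP on deny list")
	}
	if s.SensitiveApp {
		add(10, "sensitive application")
	}
	return score, reasons
}

// Decide maps the score to a challenge. Thresholds are assumptions; the
// point is that friction rises with risk instead of being constant.
func Decide(s SignIn) (Challenge, int, []string) {
	score, reasons := Score(s)
	switch {
	case score >= 90:
		return Deny, score, reasons
	case score >= 40:
		return StrongMFA, score, reasons
	case score >= 10:
		return PushMFA, score, reasons
	}
	return Allow, score, reasons
}

func main() {
	now := time.Date(2024, 5, 2, 9, 0, 0, 0, time.UTC)
	// Constructed sample sign-ins, from routine to clearly hostile.
	cases := []SignIn{
		{User: "alice", DeviceKnown: true, Country: "AU", LastCountry: "AU", LastSeen: now.Add(-8 * time.Hour), At: now},
		{User: "alice", DeviceKnown: true, Country: "AU", LastCountry: "AU", LastSeen: now.Add(-8 * time.Hour), At: now, SensitiveApp: true},
		{User: "alice", DeviceKnown: false, Country: "RO", LastCountry: "AU", LastSeen: now.Add(-6 * time.Hour), At: now},
		{User: "alice", DeviceKnown: false, Country: "RO", LastCountry: "AU", LastSeen: now.Add(-1 * time.Hour), At: now, FailedLast15m: 12},
	}
	for _, c := range cases {
		ch, score, why := Decide(c)
		fmt.Printf("%-5s score=%3d -> %-9v %v\n", c.User, score, ch, why)
	}
}
```

The reasons list is the part worth keeping: a step-up that cannot say why it fired is hard to tune and hard to defend to users, and it is what the audit trail in the fourth step should record alongside the outcome.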
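The vault step, as an added Go example rather than code from the article or from any CyberArk product: credentials are sealed with AES-GCM under a key derived from the master secret, so what sits in the self-hosted store is only ciphertext, and a wrong master secret, a tampered entry or an entry relabelled as another app's all fail authentication on retrieval instead of yielding garbage. The PBKDF2 routine is written out so the example needs only the standard library; the names Open, Store, Retrieve, Export and Import are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Iteration count for PBKDF2-HMAC-SHA256, per current OWASP password storage guidance.
const iterations = 600_000

// deriveKey is PBKDF2-HMAC-SHA256 (RFC 8018) for a single 32-byte output block,
// written out so the example needs only the standard library. Production code
// should use the vetted golang.org/x/crypto implementations (argon2 or pbkdf2).
func deriveKey(master, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, master)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): index of the only output block
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	return key
}

// Sealed is what the vault stores for one app: a random nonce and the AES-GCM
// ciphertext of the password. Only Sealed values are ever written to the store.
type Sealed struct {
	Nonce, Ciphertext []byte
}

// Vault holds credentials sealed under a key derived from the master secret.
// The key exists only in memory for the session; the salt is per vault and is
// stored next to the sealed entries (it is not secret).
type Vault struct {
	aead    cipher.AEAD
	entries map[string]Sealed
}

// Open derives the vault key from the master secret. A wrong master secret does
// not fail here; it fails later, when Retrieve cannot authenticate an entry.
func Open(master, salt []byte) (*Vault, error) {
	block, err := aes.NewCipher(deriveKey(master, salt, iterations))
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead, entries: map[string]Sealed{}}, nil
}

// Store seals the password under a fresh nonce. The app name is bound as
// associated data so a blob cannot be relabelled as another app's credential.
func (v *Vault) Store(app, password string) error {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	v.entries[app] = Sealed{nonce, v.aead.Seal(nil, nonce, []byte(password), []byte(app))}
	return nil
}

// Retrieve decrypts and authenticates. A wrong master secret, a modified blob
// or a blob moved between apps all fail here rather than returning garbage.
func (v *Vault) Retrieve(app string) (string, error) {
	s, ok := v.entries[app]
	if !ok {
		return "", errors.New("no such entry")
	}
	pt, err := v.aead.Open(nil, s.Nonce, s.Ciphertext, []byte(app))
	if err != nil {
		return "", errors.New("authentication failed: wrong master secret or tampered entry")
	}
	return string(pt), nil
}

// Export and Import move sealed entries to and from the persistent store
// (the self-hosted vault); neither ever sees plaintext.
func (v *Vault) Export() map[string]Sealed        { return v.entries }
func (v *Vault) Import(entries map[string]Sealed) { v.entries = entries }
```

The design point is that the store never needs to be trusted with plaintext, which is what makes retrieval from outside the corporate network (without a VPN) acceptable: an attacker who copies the store still has to brute-force the master secret through the key derivation.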
Safe credentials management and sharing
The third step enables users to share credentials securely without revealing the passwords themselves. It should also protect privacy by controlling who can share, view and edit each credential; impose time limits on a user’s access to specific apps; and manage the transfer of credential ownership to new users when someone leaves or changes role.
The fourth step requires security controls to continue past the point of authentication. Enterprises should look for an extra layer of protection that lets them monitor and record a user’s actions once logged in, backed by a full audit trail.
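The sharing controls of the third step and the post-login monitoring of the fourth, as one added Go example that is not from the article or from CyberArk: an authorisation layer in front of the vault that enforces owner-only sharing, distinguishes view grants from autofill-only grants, refuses expired grants, handles ownership transfer, and writes every outcome, allowed or denied, to an append-only audit log. The secret is treated as an opaque sealed blob; its encryption is a separate concern. Type and function names are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Grant is what a grantee may do with a credential shared with them.
type Grant struct {
	View    bool      // may see the plaintext; false means autofill only
	Expires time.Time // zero value means no expiry
}

// Credential is the vault record for one app. The secret is an opaque sealed
// blob here; how it is encrypted is a separate concern, not part of this example.
type Credential struct {
	Owner  string
	Sealed []byte
	Grants map[string]Grant // grantee -> grant
}

// Sharing is the policy layer every request passes through after login.
// Audit is the append-only record needed to reconstruct what each user did.
type Sharing struct {
	creds map[string]*Credential
	Audit []string
}

func NewSharing() *Sharing { return &Sharing{creds: map[string]*Credential{}} }
func (s *Sharing) log(user, action, app, outcome string) {
	s.Audit = append(s.Audit, fmt.Sprintf("%s %s %s: %s", user, action, app, outcome))
}

// Add registers a sealed credential with its owner.
func (s *Sharing) Add(owner, app string, sealed []byte) {
	s.creds[app] = &Credential{Owner: owner, Sealed: sealed, Grants: map[string]Grant{}}
	s.log(owner, "add", app, "ok")
}

// Share lets the owner, and only the owner, grant access to another user
// without the password itself ever being shown to them.
func (s *Sharing) Share(owner, app, grantee string, g Grant) error {
	c, ok := s.creds[app]
	if !ok || c.Owner != owner {
		s.log(owner, "share", app, "denied: not owner")
		return errors.New("not owner")
	}
	c.Grants[grantee] = g
	s.log(owner, "share", app, "granted to "+grantee)
	return nil
}

// Transfer hands ownership to a successor (for example when the owner leaves)
// and clears existing grants so access has to be re-established deliberately.
func (s *Sharing) Transfer(owner, app, successor string) error {
	c, ok := s.creds[app]
	if !ok || c.Owner != owner {
		s.log(owner, "transfer", app, "denied: not owner")
		return errors.New("not owner")
	}
	c.Owner, c.Grants = successor, map[string]Grant{}
	s.log(owner, "transfer", app, "ownership to "+successor)
	return nil
}

// Use authorises a retrieval at time now and audits the outcome either way.
// reveal=false is the autofill path (the secret goes to the form filler, not the
// screen); reveal=true additionally needs View. Success returns the sealed blob.
func (s *Sharing) Use(user, app string, reveal bool, now time.Time) ([]byte, error) {
	action := "autofill"
	if reveal {
		action = "reveal"
	}
	c, ok := s.creds[app]
	g, has := Grant{}, false
	if ok {
		g, has = c.Grants[user]
	}
	why := ""
	switch {
	case !ok:
		why = "no such entry"
	case c.Owner == user: // owners need no grant
	case !has:
		why = "no grant"
	case !g.Expires.IsZero() && !now.Before(g.Expires):
		why = "grant expired"
	case reveal && !g.View:
		why = "autofill only"
	}
	if why != "" {
		s.log(user, action, app, "denied: "+why)
		return nil, errors.New(why)
	}
	s.log(user, action, app, "ok")
	return c.Sealed, nil
}
```

Two details matter in practice: denials are logged with the same care as successes, because a run of "denied: no grant" entries against one app is exactly the signal an investigator wants, and a transfer drops the old grants rather than carrying them over, so a leaver's sharing decisions do not silently outlive them.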
Frictionless and secure user experience
The fifth step requires a workforce password solution that can: integrate easily with corporate directories and third-party identity providers; recognise when users are entering credentials and offer to save them in a secure, vault-based location; auto-fill credential fields for a quick log-in; and generate unique, strong passwords whenever they are needed.
As we celebrate World Password Day, remember that password management is basic hygiene that must not be overlooked: it is a vital control in any firm’s defence-in-depth strategy.
Andrew Slavkovic is the Solutions Engineering Director ANZ at CyberArk.