Despite greater investment in privacy and security measures, employees are reporting they still have poor password habits that affect the company’s overall security posture.
Research from LastPass by LogMeIn found an “alarming increase” in the number of passwords the average person has to remember. Small businesses average about 85 passwords and large companies reported an average of 25.
The study found businesses are now actively investing in security measures, such as multifactor authentication (MFA). Globally, MFA usage grew from 12 per cent to 57 per cent in 2019. However, industries with the most sensitive customer data, such as insurance and legal professionals, are the least likely to have employees using MFA.
Vice president of APAC at LogMeIn, Lindsay Brown, said of these pitfalls: “Australian businesses have started taking greater control of their password security, a likely result of regulatory changes across the industry.”
“Unfortunately, MFA usage alone cannot protect an organisation and overall security hygiene must be elevated if we’re to see better results.”
Due to greater availability of resources and an increased awareness of the regulations, larger businesses may be more likely to have single sign-on (SSO) solutions in place that enable staff to access more apps with fewer passwords. However, fewer than 50 per cent of businesses have an SSO solution for employees.
Given that compromised or stolen credentials underpinned most cyber incidents that led to a data breach in the first year of the Notifiable Data Breaches scheme, the shift towards MFA shows that measures to reduce the risk of stolen credentials are being implemented.
“Given competing priorities of IT staff at smaller businesses, it is understandable that MFA may not be a priority,” LogMeIn said. “However, given the number of affordable, user-friendly options available, every business should be able to find an MFA solution that meets their needs.”
Chief information security officer at LogMeIn, Gerald Beuchelt, said: “Securing employee access has never been more important and unfortunately, we see businesses ignore password security altogether, or only half-heartedly attempt to address it.”
“This report further highlights the importance of using the identity and management tools available to information security managers in addition to maintaining focus on employee training to improve password habits.”