Whether we consider enterprise mobility or remote working, enabling employees to work from beyond office perimeters has its set of perks and challenges. One of the biggest challenges businesses worry about is corporate data breaches. Businesses create high-security office spaces with almost impenetrable security infrastructure. But, with remote working, businesses have to trust their employees with corporate security best practices.
While most enterprises would like to blame external factors for compromised data, they neglect the fact that most data breaches happen at the hands of their internal workforce. Accidental data loss by clicking on malicious links, browsing untrusted websites, or simply leaving your system unattended in public can lead to data leakage. A study suggests that 81% of company data breaches are caused by poor passwords. The same study also suggests that 17% of the hackers are successful in guessing people’s passwords. Password protection acts as the first line of defense making it a crucial step for corporate security. But how can enterprises ensure the effective use of passwords by all of their employees? The answer lies in configuring Passcode Policies.
What is a Passcode Policy?
Generally, people are tempted to create simple passwords for their devices so that they can memorize them with ease. Most people use predictable passwords including their names or birth dates, making them easy to decode. A Passcode Policy is a set of guidelines put together by an enterprise to ensure that its employees create reliable passwords.
The key purpose of configuring passcode policies is to ensure the protection of corporate networks and devices. It guides employees in building strong passwords and ensures periodic password renewals. Mobile Device Management (MDM) solutions help businesses configure and push Passcode Policies on their employees’ devices remotely. This saves a lot of IT time that is otherwise spent manually configuring passcode policies on hundreds of devices.
Why Are Passcode Policies Important for a Remote Workforce?
If a business encounters a corporate data breach, it has to be prepared for hefty fines, penalties and legal notices knocking on its doors. According to a report, the average cost of data breaches was USD 1.07 million higher in breaches that were caused by remote working. The same report also suggests that compromised credentials were the biggest reason for corporate data breaches.
Passwords are the most basic form of device protection. Hackers are able to penetrate through the remotely working employees’ devices for the following primary purposes.
1. Use of Poor Passwords
A lot of people are frustrated with keeping a track of the dozens of passwords that every software and system requires these days. In an attempt to remember so many passwords, people end up keeping simple passwords that include their names, company names, number sequences, etc. Statistics suggest that 59% of people use their names or birth dates in their passwords. While this may make the passwords easy for you to remember, it acts as a target for hackers who can easily decode them in a few trials.
2. Reusing or Repeating Passwords
Speaking of poor passwords, many of us don’t want to be bothered with keeping a unique password for various apps, accounts and devices that we use. Most of us also end up repeating the same passwords for multiple accounts. If that single password is compromised, several accounts are at a high risk of being invaded.
3. Password Sharing
43% of people admit sharing their passwords with someone. Several employees have their email and system passwords shared with their families and colleagues. With remote working, this practice only gets amplified as most people work from home on devices that may be shared between family members. Employees may also be urged to reveal their passwords to their colleagues who may be helping them get accustomed to the company portals or software, or resolving technical difficulties.
Factors That Play a Role in Creating & Maintaining Strong Passwords
1. Password Length
You can define the minimum password length for your employees to ensure the robustness of their passwords. Most corporate environments enforce a minimum 8-character password that helps provide security against brute force attacks. Statistics suggest that a 12-character long password takes 62 trillion times longer to crack than a six-character password.
2. Password Complexity
Hackers try all combinations to break into your systems. Using simple, familiar or repetitive words makes it very easy to be decoded. An 18-character password which is a combination of letters in upper and lower case, numbers and special symbols will take years to crack in comparison to a simple and short password.
3. Timely Password Updates
It is true that managing the length and complexity of passwords can make decoding them a lengthy process for hackers. But not impossible. Most employees set passwords for various accounts and forget about them. Periodically updating passwords is equally important. Companies can configure mandatory password updates for their employees as a part of their security efforts.
4. Encrypted Password Storage
Creating strong and unique usernames and passwords is only half the job done. Users are also required to efficiently store the gazillion passwords created to secure multiple devices, online services such as emails, folders and corporate portals. Most employees use their notepads or diaries to maintain a list of their passwords, some backup their passwords on the cloud, while others store them locally on their computers. Neither of these methods is safe.
Adopting Password Management solutions that can create a safe and encrypted space for employees to store all their diverse passwords is the right way to go. Apple devices offer a built-in password manager called iCloud Keychain to keep the user’s passwords protected in one place.
5. Implement Multi-Factor Authentication
Multi-Factor Authentications are becoming popular as they help users create a more secure log-in. You may have seen several online services requesting you to enter your password followed by an OTP shared on your email ID or phone number. It requires the users to verify themselves two or more times, ensuring additional layers of security. This way, even if one password is compromised, unauthorized users cannot lay hands on your system and data, unless they gain access from all the given sources.
6. Constant Password Audits
Managing hundreds and thousands of devices is not an easy task. IT teams must run constant audits to ensure that their remote employees are complying with their pre-configured passcode policies. MDM solutions enable IT admins to run periodic compliance checks, obtain alerts and analyze violation data for multiple devices remotely.
Creating and maintaining countless passwords is complex, but crucial. Many users choose to neglect their passwords despite being aware of the consequences and the innumerable cyber threats that lurk around. Configuring strong passcode policies that suit your organization’s confidentiality needs is the ideal and the simplest measure that can help businesses secure and manage your remote workforce.