As organizations worldwide continue to recast their business processes in the context of distributed and hybrid work models, the appetite for digital transformation (DX) has increased dramatically for organizations of all stripes. IT leaders starting down this accelerated DX path continue to face one of the thorniest challenges — balancing cybersecurity without imposing an extra burden on employees in decentralized, high-risk environments. In the past too, companies continuously operated on the assumption that security is an ongoing priority. So, what’s changed? A lot.
The lockdowns coupled with the work from home (WFH) environments opened the floodgates for hackers. During the transition to remote work, 193 million phishing attempts were recorded during the first nine months of 2020, researchers at Zscaler found. In the ongoing battle to thwart security risks, organizations have found that better end-user education is an obvious answer. Companies ramped up cybersecurity awareness training aimed at ‘click-happy’ end-users who would inadvertently introduce malware in PC fleets and updated security policies to curb the menace of Shadow IT.
While security awareness training is inarguably an effective way to defend against phishing and social engineering attacks, it will take much more than that to improve an organization’s security posture and uplevel employee experience (EX), or even to gain security wins in the face of sophisticated hacks. Several studies conducted against the backdrop of COVID-19 indicate that while strong security protocols are imperative, organizations need to leverage a layered security approach to protect employees across various attack vectors. For that, security awareness initiatives, or remote enablement technology that may not even mirror real-world threats, aren’t sufficient.
A 2020 Salesforce study puts the need for balancing employee experience and security in sharp focus. The report spotlights how seemingly small things such as “bandwidth or latency issues and managing different passwords across different cloud applications” can lead to employee dissatisfaction and disengagement.
For instance, the study found providing single sign-on (SSO) can enable workforces to control passwords across multiple applications without worrying about the risks of unauthorized access. In a similar vein, a password safe or vault can help employees prevent password reuse and securely store credentials instead of dumping information in spreadsheets or Word documents.
Closing the Gap Between Employee Experience and Advancing Security
Organizations largely tend to think about cybersecurity as an IT problem that can be effectively addressed by deploying and managing the right software and tools. Often, they fail to consider the employee experience and how it will impact the end user’s productivity and workflows.
Companies need to build a holistic security approach that considers all aspects of business continuity while also taking into account employees’ goals. At the end of the day, your workforce needs to be focused squarely on strategic business goals and important workday tasks.
So, how can organizations put employee experience at the core of business security? To bolster EX, consider adopting solutions that guide and securely connect end-users and empower them to perform their best without worrying about security risks or breaches. For EX to truly shine, IT decision-makers (ITDMs) must build long-term strategies for supporting hybrid workforces with flexible, scalable technologies that boost productivity, streamline workflows, and increase intelligent collaboration.
Here are three ways organizations can uplevel cyber resilience without compromising on EX:
1. Promote password hygiene with a business password manager
The app uptake in organizations is well-chronicled; it’s a trend that predates the pandemic. Blissfully’s 2019 annual SaaS trends report found the average employee uses at least eight apps. In virtual work environments, cloud-enabled applications have become central to how we interact, collaborate and accomplish work. But the rise in ‘digiculture’ has exacerbated the password management problem. With workloads shifting to the cloud, employees struggle to remember passwords for multiple applications. As a result, they use easy-to-remember or reused passwords to access digital workspaces, compounding data security risks. Per IBM’s Security Work from Home survey, 66% of users have not been provided with new password management guidelines, which is why 35% are still reusing passwords for business accounts.
As work becomes more decentralized and cloud-dependent, IT can minimize the pain of dealing with poor passwords and promote password hygiene with solutions such as a business password manager. Trusted solutions like LastPass let organizations encourage users to adopt stronger, unique passwords while saving their time and minimizing the impact on their productivity. By eliminating risky password behavior, Business Password Managers enable IT to fight off hackers or insiders who could use that behavior as a potential backdoor for data theft. The Admin console gives IT administrators complete visibility into user profiles and enables them to revoke credentials when employees exit the company. Through the Admin console, IT can monitor account activity across every device and take proactive steps if a user shows suspicious behavior or poor adoption.
Bottom line: Put simply, a Business Password Manager lends the security and convenience that workforces need in app-powered workspaces by solving the problem of forgotten or weak passwords.
2. Make it easier to store and share passwords via vault
We’ve heard this before — security breaches caused by passwords stored in unsecured locations (e.g., Word processing documents or public drives) are among the leading causes of damaging data breaches. Verizon’s 2020 Data Breach Investigations report found that 80% of breaches occurred due to lost or stolen credentials or involved brute force attacks. Companies and their employees know storing the keys to the kingdom openly can be catastrophic, yet they do little about it. As organizations put more stock into their digital transformation initiatives, IT leadership should adopt a fresh approach to this old problem to keep pace with the changes.
A password vault is a viable solution to this urgent challenge. A password vault is an application that allows users to store credentials securely, accessible through a single master password. With more apps joining the digital workspace, teams can share folders without sharing the password; or manage and grant access to new joiners seamlessly. When an employee leaves or a client or vendor partnership ends, IT administrators are required to change passwords to prevent misuse. For instance, with the LastPass password vault, credential sharing and employee exits can be easily managed. Any changes made to a shared folder are synced up for all remaining users who can access this application. IT can eliminate the threat of users unwittingly exposing corporate data by auditing and tracking shared passwords. Another key advantage with the vault is that your data is encrypted locally at the device-level at all times with military-grade encryption, meaning LastPass never knows your Master Password.
Bottom line: You can’t stop password sharing. In remote environments, the need for account access is even more urgent. ITDMs: Apply the principles of secure password sharing to create a differentiated employee and/or client experience, enable centralized account management and solve IT’s security woes.
3. Going passwordless with single sign-on (SSO)
With identities extending across cloud apps, VPNs and devices, passwordless logins have become table stakes for businesses of all sizes. Gartner predicts that by 2022, 60% of large and global enterprises and 90% of midsize enterprises will implement passwordless methods in more than 50% of use cases. As cloud takes hold in organizations and apps proliferate, SSO allows users to do away with legacy passwords and resolve access challenges with a single set of login credentials. All that is needed is one credential to log in to the SSO portal and access multiple applications throughout the workday.
LastPass’ SSO offering provides access to 1200+ applications and solves a two-pronged challenge. First, by taking passwordless authentication one step further, LastPass reduces the authentication burden, enabling users to authenticate securely without manually entering passwords for apps and services. Second, it allows IT to save the time otherwise spent on password reset requests and refocus on important business goals.
Bottom line: Password policies of the past no longer work. Users demand passwordless authentication to manage access and maximize convenience. With a passwordless SSO implementation, IT can set up and monitor access policies and protect critical business data.
Takeaway
In today’s cloud-heavy workspace, one thing is absolutely clear — the urgent need to enforce and monitor the use of login credentials for accessing business applications. As companies increase end-users and third-party access to systems, weak passwords are easy pickings for attackers trying to steal credentials. The future of business computing is tied to technologies like password managers and passwordless SSO that can empower employees to be flexible and secure at the same time. Organizations should view business password managers, password vaults and SSO as an integral part of the tech stack to improve password hygiene, reduce exposure to security threats and prioritize ease-of-use. In the post-pandemic work environment, having a clear strategy for adopting password managers and passwordless SSO can help end-users stay safe online and seamlessly access cloud apps.