In just a few short years, hybrid working has become an everyday part of corporate life. The combination of working from home and a centralized workplace offers convenience and flexibility, and in progressive countries such as the Netherlands, it may turn into a legal right.
A recent Gallup poll found that as of February, most remote-capable employees continued to work from home at least part of the time, with 42% on a hybrid work schedule and 39% working from home entirely. Given the outsized number of employees now working hybrid or fully remote, the future of the office is at a turning point, and so are the cyber risks associated with it.
Those risks include accessing sensitive data through unsecured WiFi networks, bring-your-own-device (BYOD) policies—where unsecured personal devices are used for work—and sharing sensitive data with colleagues through unencrypted channels.
One easily preventable risk is relying on weak passwords. We know from our research at Bitwarden that, without access to the proper tools, many individuals choose easy-to-remember passwords and reuse them. The study puts a number to the problem, with 84% of people choosing to reuse passwords. It’s all the more puzzling when there is a simple, easy-to-implement, and inexpensive solution: password managers.
Securing Hybrid and Remote Workplaces with Password Managers
Using a strong and unique password is the most efficient, practical strategy for protecting data, devices, and accounts and stopping potential hackers in their tracks. But strong and unique passwords are nearly impossible to remember for anyone without a photographic memory. This is a problem considering that 55% of people rely on their memories to manage passwords, even though over two-thirds (68%) believe it is more important for a password to be secure than easy to remember.
Password managers solve this, empowering employees to generate strong and unique passwords and usernames for each site they register with and access. This stops the issue of password reuse. It further allows organizations using enterprise-grade password managers to create password strength rules and policies to ensure a certain level of security across their employees’ accounts, even for systems they don’t control.
Recent research also shows that password manager implementation would be welcome among employees. While 1 in 4 are required to use a password manager at work, 64% believe companies should provide employees with a password manager to protect credentials. This highlights a desire for leadership and creativity when addressing security issues and taking the responsibility out of individual hands.
Another issue is shared accounts, which require an advanced level of control. For instance, user accounts for a server, an organization’s SSH keys, or an encryption key password for an SFTP server present their own challenges for sharing access information. Some password managers provide a means of creating and securely storing organization-wide passwords in collections that enable an administrator to share and update those credentials periodically without having to blast the organization’s users with updated info through less secure channels. This empowers organizations to consolidate control over who has access to the information.
Any security measures an organization has in place should work in concert. That’s why organizations should employ enterprise password managers with some form of two-factor authentication (2FA). Two-factor authentication, in which users are required to use two different methods of verifying their identity to access an account, increases user security for websites and applications to an even greater degree. It limits the opportunity for data exfiltration that may stem from using unsecured WiFi networks, unsecured personal devices, and unencrypted channels.
It’s optimistic to think any organization can have total control over how its employees use technology, especially in a hybrid or remote environment. Insecure and simply sloppy practices may always stick around; however, overall risks can be mitigated by consistent, enterprise-wide use of a password manager.
Gary Orenstein is the Chief Customer Officer at Bitwarden, leading the go-to-market efforts across customer success, marketing, and sales. Before Bitwarden, Gary served in executive marketing and product roles at enterprise infrastructure companies Yellowbrick Data and MemSQL, and at flash memory pioneer Fusion-io, which went public during his tenure there. Earlier in his career, he led marketing at Compellent, which after its IPO was acquired by Dell.