The average employee likely stores, manages, and transmits large amounts of data throughout the day. This might be done via email or when logging into enterprise-wide applications. Given that, employees are often a prime target for cybercriminals. In the Bitwarden 2023 Password Decisions Survey, 60% of IT decision makers reported their organization had experienced a cyberattack within the past year. But, logging into internal systems and email accounts doesn’t have to be fraught with risk. Here are a few simple and straightforward cybersecurity tips for employees that will help them stay safe online.
With remote or hybrid work now commonplace, employees are sometimes working from non-office settings. While this has enabled flexibility, it also means WiFi settings might not be as strong as those onsite. As much as possible, employees should avoid accessing work systems and data via public WiFi networks. Unlike in the workplace, there is no guarantee public WiFi networks are encrypted.
According to the Proofpoint 2022 State of the Phish Report, 83% of organizations said they experienced a successful email-based phishing attack in 2021, versus 57% in 2020. A quick recap: phishing refers to the emails, phone calls, and texts that direct users to websites harboring drive-by malware downloads. In more serious cases, a ‘phished’ employee can compromise an organization’s entire network. Fortunately, there are some simple, commonsensical solutions for staying safe. To start, employees should check all aspects of an email to confirm it looks legitimate, including the email sender name and email address. They should hover over links to confirm they go to the proper website and avoid clicking on attachments from people they don’t know.
Additionally, it may be worthwhile to know that phishing emails are more apt to come from specific types of (purported) individuals. The Bitwarden 2023 Password Decisions Survey revealed that close to half (41%) of phishing attacks come from fake financial institutions, with another 22% pretending to be an employee’s boss or executive.
Two-factor authentication (2FA) is a technological approach that requires users to utilize two separate methods of verifying their identity in order to access an account. A useful definition for 2FA is that logging into a service involves something that you know, such as a password, and something that you have, such as your phone, hardware token, or other authentication code. Two-factor authentication is a tried-and-true method for keeping data secure.
In the Bitwarden 2023 Password Decisions Survey, 92% of IT decision makers reported using it in the workplace - but the Bitwarden 2023 World Password Day Survey found that only 58% of respondents (the general public) leverage 2FA for work accounts. If it’s good enough for IT personnel, it should be good enough for employees, too. When possible, they should be encouraged to utilize it.
Strong and unique passwords go a very long way in protecting data, devices, and accounts. But, the need for strong and unique passwords with each and every login means they can be hard to remember, a problem when considering the Bitwarden 2023 World Password Day Survey finding that 58% people rely on their memories to manage passwords.
The solution? Deploying a password manager. Password managers allow users to generate, consolidate, and autofill strong and unique passwords for all accounts. This ensures there is no password reuse and allows organizations using enterprise grade password managers to create password strength rules and other policies to ensure a certain level of security across their employee’s accounts, even for systems they don’t control.
Password managers allow employees to easily protect themselves and their data. Good password managers should offer some form of 2FA, operate cross-platform, and be secured with end-to-end encryption.
Developers have unique security needs, in that they handle data that is critical to protecting an organization’s software. For instances when developers need an extra level of protection around machine-to-machine access, they should consider deploying Bitwarden Secrets Manager. Bitwarden Secrets Manager enables developers to develop a secure and systematic approach for creating and automating secrets for resources and applications. With Secrets Manager, they can safely share, retrieve, and assign secrets across the development lifecycle.
For developers building passkey authentication, Bitwarden Passwordless.dev offers an API framework that minimizes development time and resources. Passwordless.dev integrates with existing authentication solutions, offers centralized passkey management, and is periodically tested by third-party security audits.