Industry data indicates that implementing password policies can help mitigate credential leaks and the resulting intrusions. For example, the Verizon 2020 Data Breach Investigations Report shows that brute force or stolen credentials account for 80% of company data breaches. Bloomberg also reported that a sizeable opportunity exists for employees to play a bigger role in protecting sensitive company data. Businesses can reduce the risk of data breaches by building a culture of security education and empowerment, which motivates employees to use strong passwords.
Helpful steps to build this culture include:
Understanding and discussing the root causes of data breaches
Educating employees about password best practices
Empowering employees through automation
The Verizon report cited above analyzed 30,000 security incidents with potentially compromised assets and confirmed more than 3,000 data breaches in which data was disclosed to an unauthorized third party.
Many security incidents were attributed to:
Unsuccessful DDoS attacks
Malware detected by antivirus software
Highly regulated industries such as healthcare and finance had the highest ratios of data breaches to security incidents: 521 data breaches out of 798 security incidents in healthcare and 448 data breaches out of 1509 security incidents in finance.
Most data breaches stemmed from brute force attacks against weak passwords, user error (e.g., using the same password for multiple accounts), and phishing attacks. These have been leading causes of data breaches for more than a decade - we can all do better.
A previous Bitwarden blog discussed employee security awareness training and keeping materials up-to-date as cyber threats quickly evolve. But staying proactive goes far beyond a training video. Employees must learn how to spot potential security threats and implement password best practices with guidance.
A few password best practices include:
Avoid using the same password across multiple accounts or systems
Create strong, unique passwords using a password generator
Enable two-factor authentication on as many accounts as available
Do a data breach check for any exposed, reused, or weak passwords through a password vault health report within a password manager
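The practices listed above can be checked mechanically. The following is an added example, not Bitwarden's own code or a description of how its vault health reports are implemented: it generates a strong random password, and then runs a small health report over a constructed set of vault entries, flagging reused passwords, weak passwords (the length and character-class thresholds are this example's assumptions, not a standard), passwords present in a breach corpus, and accounts without two-factor authentication. The breach lookup follows the k-anonymity pattern used by public breached-password services (only a short SHA-1 hash prefix is sent to the service, and the comparison of the remaining hash suffix happens locally); here the corpus is a tiny constructed set embedded in the script so that it runs offline.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample vault entries (hypothetical names and passwords, not real credentials).
SAMPLE_VAULT = [
    {"name": "corp-mail", "password": "Summer2020!", "totp": True},
    {"name": "crm", "password": "Summer2020!", "totp": False},
    {"name": "github", "password": "x7#Qp9!vL2mR@t4Z", "totp": True},
    {"name": "bank", "password": "password123", "totp": False},
]

# Constructed stand-in for a breached-password corpus, stored as uppercase SHA-1 hex digests
# (the format breached-password range services use). A real check would query a service.
LEAKED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password123", "123456", "qwerty", "letmein")
}

# Thresholds assumed by this example for the "weak" heuristic.
MIN_LENGTH = 12
MIN_CLASSES = 3


def generate_password(length: int = 16) -> str:
    """Build a random password containing at least one character from each class."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    # Guarantee one character per class, then fill the rest from the full alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    secrets.SystemRandom().shuffle(chars)  # CSPRNG-backed shuffle so class positions are not predictable
    return "".join(chars)


def character_classes(password: str) -> int:
    """Count how many of the four character classes the password uses."""
    checks = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    return sum(checks)


def is_weak(password: str) -> bool:
    """Heuristic: too short or too few character classes (thresholds are this example's)."""
    return len(password) < MIN_LENGTH or character_classes(password) < MIN_CLASSES


def range_lookup(prefix: str) -> set:
    """Simulate a k-anonymity range query: return hash suffixes sharing a 5-char prefix.

    Only the prefix leaves the client in the real protocol; the suffix match is local.
    """
    return {h[5:] for h in LEAKED_SHA1 if h.startswith(prefix)}


def is_exposed(password: str) -> bool:
    """Check a password against the breach corpus without revealing the full hash."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_lookup(prefix)


def vault_health_report(entries) -> dict:
    """Produce the findings a vault health report would surface for these entries."""
    by_password = defaultdict(list)
    for entry in entries:
        by_password[entry["password"]].append(entry["name"])
    reused = sorted(n for names in by_password.values() if len(names) > 1 for n in names)
    return {
        "reused": reused,
        "weak": sorted(e["name"] for e in entries if is_weak(e["password"])),
        "exposed": sorted(e["name"] for e in entries if is_exposed(e["password"])),
        "no_2fa": sorted(e["name"] for e in entries if not e["totp"]),
    }


if __name__ == "__main__":
    print("generated:", generate_password())
    for finding, names in vault_health_report(SAMPLE_VAULT).items():
        print(f"{finding:>8}: {', '.join(names) or '-'}")
```

On the constructed vault the report flags corp-mail and crm as reusing one password, all but the github entry as weak, the bank entry as present in the breach corpus, and crm and bank as lacking two-factor authentication. The value of the range-query pattern is that the plaintext password and its full hash never leave the device, so an audit can run against an external breach corpus without itself becoming a credential leak.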
Talk to your employees about securing corporate accounts, as well as their personal social media, email, and bank accounts. Explain what can happen to employees when their personal accounts are hijacked or hacked. Make password security in the workplace just as important to them as it is to you and the business.
Personal security awareness training can change how employees view password best practices both in the workplace and at home. Learning better online security behaviors on personal accounts, such as using strong passwords, helps employees bring good habits to work. A password manager such as Bitwarden supports password best practices at work, at home, or on the go.
Every employee starts with a personal Vault to store individual logins and data, and an organizational Vault to store team-wide logins and data. Both Vaults can be accessed from any device using any operating system or web browser, so employees can use them anywhere.
Introduce a password manager by syncing it with your Active Directory so that every new employee starts with an account from day one. Encourage employees to use Vault health reports personally while administrators monitor organizational Vault security.
Editor's Note: This article was originally written on August 31st, 2020 and was updated on August 10th, 2022.