The Bitwarden Blog

Build an Online Security Culture by Adopting a Healthy Security Routine

Authored by: Andrea Lebron

Developing an online security culture at work starts with a healthy security routine, both on an organization-wide and individual scale. Take the first step by securing passwords and sensitive information.

Most security leaders are familiar with password best practices:

  • Always use a strong, unique password for each account

  • Do not store passwords in plain text Excel files or on sticky notes stuck to the screen of a workstation

  • Use an end-to-end encrypted tool such as a password manager to help you manage everything

But how do these best practices become second nature to employees? That level of empowerment starts by building awareness. Greater awareness of password best practices translates into improved security behaviors, which develops into a positive online security culture.

Adopting a periodic healthy online security routine

Organizations can adopt a healthy online security routine by conducting periodic checks to identify potential risks stemming from workplace account log-ins. Employees can replicate a similar routine for their work accounts and even personal accounts.

Use your password manager health reports

Begin with the vault health reports built into your enterprise password manager. These reports should identify the following risks on workplace accounts saved in the system.

[Image: vault health reports]

A look into the Vault Health Reports in Bitwarden

  • Weak Passwords Report: This report identifies passwords that are easy to crack using brute force algorithms. According to Verizon’s 2020 Data Breach Investigations Report, more than 80% of data breaches attributable to hacking are due to brute force attacks against weak passwords.

  • Reused Passwords Report: This report identifies non-unique passwords in your vault. Reusing the same password for multiple accounts can allow hackers to easily gain access to multiple online accounts when one account is breached.

  • Exposed Passwords Report: This report identifies passwords that have been leaked publicly or sold on the dark web. The check sends only the first five characters of each password's hash, so the full password never leaves the vault. Advise employees to change exposed passwords, as these are among the first that attackers try in brute force attacks.

  • Unsecured Websites Report: This report identifies login credentials saved in the vault related to an unsecured website with an http:// prefix. It is safer to change the prefixes to https:// to support encrypted communications using TLS/SSL.

  • Inactive Two-Factor Authentication Report: Many online services now offer an extra layer of security through two-factor authentication (2FA). This report identifies logins saved in the vault for which 2FA is available but not turned on.
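To make the reports above concrete, here is an added example (not Bitwarden's code, and not its scoring rules) that runs four of the checks over a small constructed vault: weak passwords via a crude heuristic, reused passwords, plain `http://` URIs, and an exposed-password lookup built on the hash-prefix query the Exposed Passwords Report describes. The breach corpus, vault entries, counts and the `range_lookup` server are all simulated locally so the script runs offline; in a real deployment the client sends the five-character prefix to a breach-lookup service and receives every matching suffix back.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault entries (hypothetical names, URIs and passwords; not real credentials).
VAULT = [
    {"name": "Intranet wiki", "uri": "http://wiki.example.internal", "password": "Summer2020!"},
    {"name": "HR portal", "uri": "https://hr.example.com", "password": "Summer2020!"},
    {"name": "Git server", "uri": "https://git.example.com", "password": "xK9#pL2$vQ7!mN4@wR"},
    {"name": "Ticketing", "uri": "https://tickets.example.com", "password": "password"},
]

# Constructed stand-in for a breach corpus: uppercase hex SHA-1 of a few leaked passwords,
# mapped to how often each was seen. The counts are made up for illustration.
BREACH_CORPUS = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper(): seen
    for p, seen in [("password", 3730471), ("Summer2020!", 12), ("letmein", 250000)]
}


def sha1_hex(password):
    """Uppercase hex SHA-1, the digest form the simulated range lookup is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_lookup(prefix):
    """Simulated server side of the hash-prefix (k-anonymity) query.

    The client sends only the first five hex characters of the hash. The server answers
    with every (suffix, count) pair whose full hash starts with that prefix, so it never
    learns which single password the client is checking.
    """
    assert len(prefix) == 5
    return [(h[5:], seen) for h, seen in BREACH_CORPUS.items() if h.startswith(prefix)]


def exposed_count(password):
    """Client side: compare the local hash suffix against the returned range. 0 means not found."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for candidate_suffix, seen in range_lookup(prefix):
        if candidate_suffix == suffix:
            return seen
    return 0


def is_weak(password):
    """Crude heuristic, not the product's scoring: shorter than 12 or fewer than 3 character classes."""
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return len(password) < 12 or classes < 3


def reused_passwords(vault):
    """Passwords shared by more than one entry, mapped to the names of the entries sharing them."""
    by_password = defaultdict(list)
    for item in vault:
        by_password[item["password"]].append(item["name"])
    return {pw: names for pw, names in by_password.items() if len(names) > 1}


def unsecured_sites(vault):
    """Entries whose saved URI uses plain http:// rather than https://."""
    return [item["name"] for item in vault if item["uri"].lower().startswith("http://")]


def vault_health(vault):
    """Run the checks over a vault and return the findings keyed by report name."""
    exposed = {}
    for item in vault:
        seen = exposed_count(item["password"])
        if seen:
            exposed[item["name"]] = seen
    return {
        "weak": [item["name"] for item in vault if is_weak(item["password"])],
        "reused": reused_passwords(vault),
        "exposed": exposed,
        "unsecured": unsecured_sites(vault),
    }


if __name__ == "__main__":
    for report, findings in vault_health(VAULT).items():
        print(f"{report}: {findings}")
```

The point of `range_lookup` taking only a prefix is the privacy property the report relies on: the service sees a five-character prefix shared by many unrelated passwords, and the comparison of the full hash happens on the client.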

When to run reports

Block off time to run these reports weekly, monthly, or at whatever interval works for you. Add these checks to your other regularly scheduled security audits, such as phishing tests. Some companies run security audits up to twice a month, according to a 2020 report.

Have employees conduct their own online security health checks

Employees also have access to a data breach report through their enterprise password manager for workplace accounts. The report identifies compromised data (email addresses, passwords, credit card numbers, etc.) across all historical breach records.

Two ways to encourage the use of vault health reports

  • Gamify data breach and exposed passwords checks: Some employees might be surprised to see how often their account is tied to a data breach. Make it into a contest by seeing who can get to 0 exposed passwords. Encourage your employees to work together towards upgrading their security. Accountability goes a long way when you have colleagues to support you.

  • Add it to your annual employee security compliance training: Most companies require annual employee training to meet security compliance standards. Make it a habit for employees to check their accounts for data breaches by rolling the check into your company training program as a checkbox requirement.

Set it up as a simple survey question such as:

Data Breach Check Confirmation:
Confirm if you have checked for any exposed passwords attributed to your account using the enterprise password manager tools. Update passwords as necessary to secure your account.

  • Yes

  • No

  • Will do now

The survey and the documentation of employee password health provide a substantive result to use in security and compliance audits.

Take the first step to adopt a healthy online security routine today

Take advantage of an Enterprise Trial of the Bitwarden Password Manager and check out our Vault Health Reports today. You can also set up your own free account to try out the data breach report yourself.