A legacy of the pandemic, hybrid working has become a valuable part of corporate life.
The combination of working from home and a centralized workplace offers convenience and flexibility, and in countries like the Netherlands, could even become a legal right.
In the UK, recent figures from the ONS indicate that the number of employees working in a hybrid arrangement has increased to 24%, up 11% from February 2022. At the same time, the percentage working exclusively from home fell to 14%.
The benefits that come with working remotely simply weren’t available when employees had to physically go to an office. Yet any form of remote work – hybrid or otherwise – poses cybersecurity risks to organizations. They can include access to sensitive data through unsecured Wi-Fi networks, bring your own device (BYOD) policies – where unsecured personal devices are used for work-related activities – and sharing sensitive data with colleagues via unencrypted channels.
Another major but easily avoidable risk is the reliance on weak passwords: when they lack the proper tools, many people default to passwords that are easily remembered and reused. Worryingly, research puts the number of people reusing passwords at 84%. But there is a simple solution that is easy to set up and inexpensive: password managers.
How Password Managers Secure Hybrid and Remote Workplaces
One of the most effective strategies to protect data, devices and accounts and prevent their exfiltration is to use strong and unique passwords. But they need to be strong and unique for each app or service an employee accesses, which makes them hard to remember. That is a problem considering that 55% of people rely on their memory to manage passwords, even though more than two-thirds (68%) think it’s more important that a password be secure than easy to remember.
Password managers help solve this conundrum. They allow employees to generate strong, unique passwords and/or usernames for each site they access or register an account for. This ensures that there is no password reuse and allows organizations using enterprise-grade password managers to create password security rules and other policies to ensure some level of security on their employees’ accounts, even for systems they do not control.
Recent research also lends credence to the notion that implementing a password manager would be welcome among employees. Even though only 1 in 4 are required to use a password manager at work, the majority (64%) think workplaces should provide employees with a password manager to protect credentials. This finding indicates a desire for leadership and creativity, a development that IT security teams should find encouraging.
Shared accounts that require another level of control, such as a server’s user accounts, an organization’s SSH keys, or the encryption key password for an SFTP server, present another set of challenges for sharing access information. Some password managers provide a way to securely create and store organizational passwords in collections that allow an administrator to share and update those credentials from time to time without having to blast the users of the organization with updated information through less secure channels. This way, organizations can exercise centralized control over who has access to information.
To further strengthen security, organizations should also look to enterprise password managers that offer a form of two-factor authentication (2FA). Two-factor authentication, which requires users to use two separate methods to verify their identity to gain access to an account, helps to further strengthen user security for websites and applications. This limits the possibilities for data exfiltration that can arise from using unsecured Wi-Fi networks, unsecured personal devices, and unencrypted channels.
Organizations will never have complete and total control over how their employees use technology, especially in a hybrid or remote environment. Unsafe practices such as those discussed in this article will unfortunately continue. However, the overall risks can be mitigated by consistent enterprise-wide use of a password manager.
About the Author
Gary Orenstein is CCO at Bitwarden: Open Source Password Management Solutions for Individuals, Teams, and Enterprises.