LogMeIn put out a really interesting report nicknamed “The State of the Password”, which breaks down a company’s password security score by company size and industry. The data comes from 43,000 companies. Here are some highlights of the report:
The bigger the company, the worse the score
This one should explain itself. Larger companies have more controls, approval layers and legacy systems in place, and that red tape slows every change. The result is that most large companies (10k employees or more) are at least a generation behind on enterprise security. There is also corporate “inertia”: larger companies are extremely hesitant to try new, more secure products or technologies.
Smaller companies, which can quickly move from one platform to another and have proper controls and user training in place, tend to score higher.
Companies that don’t use password managers score really low
Companies that don’t use a password manager score 23% lower than companies that have password manager subscriptions (worth remembering that the report comes from the company behind LastPass, so take the exact number with a grain of salt). Enterprise accounts can get expensive, but is it really more expensive than a compromise? Everyone should use a password manager!
There isn’t a ton of variation by industry
Industries that create or manage technology tend to do better with security (surprise, surprise). Beyond that, the margin across the other industries is very small.
Employees are using the same password for business and personal accounts
You should never use the same password across multiple accounts. Ever. When one site is breached, attackers take the leaked email/password pairs and try them everywhere else (credential stuffing), so one reused password turns one breach into many. This matters even more when mixing work and personal accounts: if your personal accounts are compromised and can be linked to your work email or other business accounts, your employer is at risk. Do you really want to be the cause of data being stolen or systems being compromised?
Why are so few companies using multi-factor??
Multi-factor authentication is one of my favorite security protections. It keeps an attacker who has only your password out of your account, even if that password has been leaked online, because the second factor comes from a secret (or a device) the attacker does not have. It is not a silver bullet (a one-time code handed to a phishing page can still be replayed within its validity window), but it removes most of the value of a leaked password. Everyone should be using it!
IT security has a long way to go, but improvements are being made. It is also up to users to make sure they’re following basic security guidelines:
- Don’t reuse a password, ever. Use a password manager so you don’t have to remember them.
- Lock your computer when you walk away from it.
- Make regular backups, and test that you can restore from them.
- Keep your software up to date and install patches promptly! Don’t be an anti-vaxer.
- Don’t open suspicious emails, and don’t click on strange links.
- Always use protection. I use Sophos on my machines, but there are plenty of other endpoint protection alternatives.