
Not Sticking With Cybersecurity Training? Risky Password Habits: How to Fix Them

Organizations invest in security awareness training once they realize how much cybersecurity risk their end users pose. Training does have its drawbacks, though, particularly when it comes to changing end-user behavior around passwords.

End users prioritize convenience and efficiency over security even when they know the best practices. They simply want to finish their work quickly without having to remember multiple complicated passwords; they don’t intend to put themselves at risk. When it comes to breaches, the general mindset is “it won’t be me.”

Security training can foster a culture of cybersecurity awareness, but on its own it does not consistently change behavior.

We’ll discuss the drawbacks of training and offer five technological enhancements that make password security more stringent.

Where training falls short

In LastPass’s study, 79 % of participants found cybersecurity training beneficial. However, only 31 % of those people said they had actually stopped reusing passwords.

This shows that training, however valuable the knowledge it delivers, does not always produce an immediate change in behavior. Either the lesson isn’t sticking, or end users are setting their knowledge aside in favor of convenience and speed.

This behavior is frequently motivated by a desire to avoid having to remember several difficult passwords.

It makes sense. The average organization now uses over 130 SaaS applications, and each employee has to manage around 100 passwords.

Employees may still disregard or forget to adhere to password security guidelines, even with the best of intentions. The effectiveness of training programs can be hampered by time constraints, forgetfulness, and a lack of individualized guidance.

This means that while cybersecurity training is beneficial for raising awareness and understanding of password security, it is limited in how far it can change risky user behavior such as password reuse.

Why is password reuse so difficult to tackle?

According to Bitwarden research, 84 % of internet users admit to reusing passwords, which should concern IT teams. When people reuse their work passwords on personal websites and applications, a breach outside your organization can give attackers an easy way into your workplace.

A weak external link can compromise you, undermining your organization’s efforts to safeguard sensitive data and systems.

Consider the scenario where attackers obtain a password database from an insecure SaaS product or external website. Even if the passwords are hashed, attackers have time to crack them and then work out who the users are and where they work.

If those victims have reused their work passwords, attackers may have a simple entry point into the victim’s organization.

Organizations find password reuse particularly hard to address through training because they are trying to influence behavior outside the workplace. It’s a problem that calls for technological assistance.

Six ways to support training with the right technology

Organizations can build a stronger defense against risky password behavior by combining training efforts with technology. We’d advise you to strengthen your cybersecurity training efforts in the following six ways.

  1. Audit your Active Directory to find out whether there are password-related vulnerabilities that need to be fixed. This lets IT teams identify weaknesses early and, where necessary, require affected users to change their passwords. Want to run an audit? Scan your Active Directory right away by downloading a free, read-only tool.
  2. Establish a strong password policy that blocks common passwords, keyboard walks, and even specialized dictionaries specific to the industry your company operates in. By preventing weak passwords, organizations significantly lower the risk of unauthorized access and brute-force attacks.
  3. Check for compromised passwords as well as preventing the creation of weak ones in the first place, because even a strong password can be compromised. By promptly notifying affected users and asking them to change their password, organizations reduce the chance of attackers using a compromised password to gain unauthorized access.
  4. Password managers are programs that generate distinct passwords for different accounts and store them securely. By encouraging employees to use a password manager, organizations remove the need for people to remember multiple complicated passwords. Keep in mind, however, that end users may still reuse the manager’s master password.
  5. Enforce multi-factor authentication (MFA): by requiring users to provide additional verification alongside their password, such as a fingerprint scan or a one-time passcode, MFA adds a further layer of security. Because attackers would need more than just the password, MFA lessens the impact of a compromised password. MFA is not perfect, though, and password security still matters.
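The policy checks described in items 2 and 3 above, as an added example that is not Specops code: a password is normalized to undo common character substitutions, then tested against a common-password list, a custom industry dictionary, keyboard walks on a QWERTY layout, and a breached-password set of SHA-1 digests. All lists here are small constructed samples; a real deployment would load them from the policy product and a breach corpus.

```python
import hashlib

# Constructed sample lists standing in for what a real policy engine would load.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}
# Hypothetical industry dictionary for a fictional healthcare tenant.
CUSTOM_DICTIONARY = {"hospital", "clinic", "patient", "nurse"}
# SHA-1 digests of constructed "breached" passwords, as a breach corpus would hold them.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper()
                 for p in ("Summer2023!", "Hospital123", "P@ssw0rd")}

KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(pw):
    """Lower-case and undo common substitutions so 'H0sp1tal' matches 'hospital'."""
    return pw.lower().translate(LEET_MAP)

def has_keyboard_walk(pw, min_len=4):
    """True if any run of min_len characters is a contiguous keyboard-row sequence, in either direction."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(s) - min_len + 1):
            chunk = s[i:i + min_len]
            if chunk in row or chunk[::-1] in row:
                return True
    return False

def is_breached(pw):
    """Offline stand-in for a breached-password lookup: compare the SHA-1 digest against the set."""
    return hashlib.sha1(pw.encode()).hexdigest().upper() in BREACHED_SHA1

def evaluate_password(pw):
    """Return the list of policy violations; an empty list means the password is accepted."""
    norm = normalize(pw)
    problems = []
    if len(pw) < 12:
        problems.append("too short")
    if norm in COMMON_PASSWORDS:
        problems.append("common password")
    if any(word in norm for word in CUSTOM_DICTIONARY):
        problems.append("contains custom dictionary word")
    if has_keyboard_walk(pw):
        problems.append("keyboard walk")
    if is_breached(pw):
        problems.append("found in breach data")
    return problems
```

The returned list is the kind of dynamic feedback a user would see during a password change, so a rejection explains which rule failed rather than just refusing.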

Reinforce training with strong password security

Specops Password Policy with Breached Password Protection prevents the creation of weak passwords and continuously scans your Active Directory passwords against a database of more than four billion known compromised passwords. This provides a useful safety net against risky password behavior and the compromise of your end users’ Active Directory passwords.

Customizable notifications and dynamic feedback during the password change process help your end users create secure, memorable passwords.

By improving the user experience, organizations can strengthen their security awareness efforts and encourage better password practices, which lowers the risk of password reuse.

Learn how your company might benefit from Specops Password Policy.

Sponsored and written by Specops Software.
