By Gary Orenstein, Chief Customer Officer at Bitwarden, open source password manager for businesses and individuals
Digital financial services adoption, like online banking, has skyrocketed over the past decade, with consumers favouring them for convenience, speed and efficiency. But with most online conveniences comes a notable concern: security.
Financial information is among the data most sought after by hackers. Once it is stolen, they not only comb through it for valuable insights but also have a variety of ways to monetise it, including making fraudulent online purchases or selling it on the dark web for as little as 50 cents, according to Kaspersky. The same research found that financial information is still as in demand as it was around a decade ago.
As a result, banking organisations now recognise cyber security as a top business priority, specifically how to combine cutting-edge technology and industry best practices to protect their consumers’ financial information. But with scams becoming increasingly sophisticated, problems still often arise — mainly as a result of employees’ poor cyber hygiene habits seeping into the workplace. This is now magnified with the majority of industries being forced to work virtually due to the COVID-19 pandemic.
Poor cyber habits in the workplace
Research by the NCSC highlights that people are still choosing weak, hackable passwords, even within the workplace. However, this comes as little surprise given the amount of information employees need to retain in an ever-growing digital world. For passwords to be secure, they need to be complex and unique for each system or service being accessed, making the information much harder to remember.
The risk of a cyber breach is made even greater by employees still failing to spot basic phishing scams. As part of their increasingly targeted campaigns, hackers may use information about employees or the company to make their messages even more persuasive and realistic to their victims.
Therefore, given the range of different potential cyberattacks, successfully defending an organisation requires a multi-layered approach. The adoption of password managers, alongside traditional security measures, can significantly reduce the occurrence of cyber breaches within banking organisations.
Password managers work by providing employees with strong, unique passwords for all the applications, accounts and systems they access. Organisations can create password policies to ensure passwords are not reused and minimise the risk of employees using weak and vulnerable passwords.
Most password managers are easy to use and can be integrated into workflows without disruption. With that in mind, we’ve put together five tips for picking the right solution for your organisation.
Think of the user experience
Selecting the right balance between usability and security is vital. Good password managers should serve all employees, regardless of technical expertise. Solutions that fit existing workflows with cross-platform capabilities across a range of operating systems, browsers, and applications provide easier integrations.
Choosing a password manager that uses biometric logins and two-factor authentication options also adds an extra layer of security. With these capabilities in place, banking organisations can secure credential management for all employees.
Ensure ownership of data
Organisations should choose a credential management system that offers deployment flexibility. Some banking firms, depending on location, must meet regulatory standards for where data is hosted. Choosing a password management tool that offers public cloud, private cloud and on-premises hosting gives the organisation more options for data oversight.
Look for an end-to-end encryption model
Banking firms need to ensure complete encryption of all data when choosing a credential management system. Starting with a tool that uses end-to-end encryption sets a foundation for a secure architecture. To ensure data is protected, everything needs to be encrypted — starting as soon as it enters into a client application.
Additionally, data should be encrypted in-transit (between the application and server) and encrypted at rest.
Place value on open source and third-party audits
Open source solutions allow the community to regularly examine the source code, understand its operation and identify potential vulnerabilities in software. Working together, potential security risks are identified and remedied sooner.
Firms should look for password managers that have been audited by third-party professionals. As a general rule, if security pros are using the product, it’s a good one!
Pick your own controls
No bank is the same, so being able to customise configurations means organisations can choose the right security tools for their team. Enterprise policies include the ability to select add-ons such as certain password requirements, two-factor authentication, and login path selections for users.
When employees are left to choose their passwords without guidance or effective tools, it leaves organisations open to bigger security problems. A password manager ensures employees are armed with the right tool to guard against bad password hygiene and ultimately leaves your organisation safer.