Email in bed and other home-working risks - A Guide To Secure And Practical Password Management
Smartphones, apps and software in its various forms have broadly improved conditions for the UK's office working population. The ability to get things done with flexibility, often from home, has enabled much of the workforce to improve their work-life balance quite significantly. 'Working from home' is no longer seen as a euphemism for 'watching daytime TV'. We can actually work from home when we say we're working from home. But there are downsides too. The very technology that lets us work from home can also trap us in a never-ending cycle of constant connectivity. When our colleagues and our superiors know we're connected, it's easy to assume that they expect us to respond when they call - even if it's out of hours. This poses a number of problems. Such as:
- Difficulty switching off from work
- Interruptions to family or leisure time caused by 'checking in'
- Stress brought on by the above
- Data and information security issues associated with home networks
Recent research we conducted has found that, while on the whole, the UK workforce benefits from being able to work from anywhere, connect easily and fit their work around their life a little better, the downsides are significant too.
For example, of the 1,000 UK adults we surveyed between April 2nd and April 24th 2017, just over one third (35%) said that they'd been contacted by a senior colleague about a work matter via a social media app.
So even for those disciplined enough to avoid work emails out of hours, it's clearly very hard for them to get away from work when they need to.
Perhaps more alarmingly, 18% said they'd responded to a work-related message after going to bed.
Of the 18% who reported this, the vast majority said they regretted doing so.
There's another problem here too. Business emails regularly contain sensitive information. So when people are operating outside of their company's information security structure, they need to be more careful than usual. Working from bed, late at night doesn't appear to be compatible with this requirement.
And ensuring work emails are encrypted and secure doesn't prevent this. A significant number of adults admit to using their personal email to send and receive potentially sensitive information while out of the office. Of those who did it, the majority (89%) said they felt forced to do it because connecting via VPN to the office network or sharing in other secure ways too time consuming.
The study also covered password management. Of those surveyed, 62% said they'd had to reset a work-related password after forgetting it. Data from a separate study we conducted from a selection of UK businesses last year found that password reset requests go up on average by 19% during August and 12% in January, compared to the national average. Most password resets were requested after an employee had returned from an extended period of time off, either during summer or at Christmas.
So what can be done?
First of all, the biggest security risk when employees are migrate themselves over to a web-based email account for work reasons is security. They may have their password autosaved, it may be easy to guess. Free, personal email addresses typically don't enforce the same level of information security as the less-intuitive office favourites. So if you are a work-from-home type and you've been a bit lax on your own personal email security, do yourself (and potentially your employer) a favour, a read on.
We're all facing password meltdown. With so many products, services and utilities available online and each requiring a password for access, it's extremely easy to lose track of them all. Forgetting passwords can be extremely frustrating and a real time drain trying to reset them, disrupting both your work and personal time spent online. Here's where password manger apps could possibly help. We're told that for security, we need to choose different passwords for each account, to change them regularly and never to write them down but do we all have enough brain space to remember them all? Of course not, it's near impossible to expect one person to remember hundreds of different usernames and passwords without a photographic memory. So, what's the solution to keeping on top of it all?
Are password manager apps the answer?
Millions of people rely on password manager apps and software to keep all of their passwords safe, and to enable them to access every account easily. These apps securely store all of your individual passwords, locking them away in a virtual vault. All you need is one super strong password to access all of them, so just one tricky combination of letters, numbers and special characters rather than hundreds of them. But doesn't this make your passwords vulnerable? It's important to note that password manager apps aren't the same as when your browser offers to remember passwords for you. This option isn't very secure, but where password manager software is different is in the way it stores your passwords. All of your information is encrypted, which means that it is not accessible or guessable to any hacker or potential identity fraudster that comes along. Most of the big names in this technology depend entirely on their reputations, so if they are hacked or lose passwords, no customers will ever trust them again. Password manager apps keep all of your personal data off browsers and websites, where anyone with malicious intent can access it. They act as the gatekeeper for your private information, including passwords. For your convenience though, these apps allow you to login into all the sites and accounts whenever you need to you just enter your vault password and the app does the rest of the remembering for you. As for which password manager to use, there are plenty to choose from. Look for well-reviewed managers such as LastPass, KeePassX, Dashlane, 1Password and Sticky Password.
How to create strong passwords
If you're considering using password manager apps or you simply want to develop stronger passwords (and you're confident you can remember them all), you'll need to know how to create an uncrackable password. Good password managers should help you to create a strong master password to unlock your vault in fact, they should indicate the strength of any given password and not let you continue until the combination you've chosen meets a minimum standard. Here are some other handy tips for creating mega strong passwords:
- Long passwords are always more secure. This is obvious, as the more characters there are and the more complicated the password, the longer it will take someone to crack it.
- Random string passwords are easier for you to remember, but harder to crack. This means passwords consisting of random but clearly recognisable words. For example, 'wool-candle-frog' or 'bicycle-bun-Japan'. When testing these unconnected words on sites such as Dashlane sponsored https://howsecureismypassword.net/, these kinds of combinations prove to be difficult to crack. You can remember them, but as long as they aren't directly connected to you or to each other a hacker would have a lot of trouble cracking them. You can even use random objects in the room you regularly work in (i.e. 'sofa-mouse-cooler'), as long as they aren't too obvious or office/desk related.
- Avoid common password add-ons. As many sites require you to include a number and/or special symbol, don't simply choose the most obvious as hackers will try these first. For example, adding the number 1, a hashtag or your birth year to the end of a password.
- If fingerprint authentication is available, use it. Many smartphones and apps now use fingerprint recognition to sign you in, rather than passwords. Unlike passwords, this can't be replicated or guessed, and it's quicker than entering a password. Just make sure you've got dry, clean hands!
- Change your password occasionally. Unless you work for a top-secret government department, it isn't necessary to change your password every week or even every month. Just make sure you change it to something completely different every once in a while, such as every 6 or 12 months.
- Don't use the same password for everything. This goes without saying, but you should also make sure not to use different variants of the same password. This is because if the worst happens and your password is leaked, guessed or stolen, and you're using a similar version of it elsewhere, it will potentially put all of your accounts at risk.
Remember to stay calm when it comes to creating and managing passwords. Most online platforms such as bank websites have security procedures in place to protect your accounts from malicious attacks. They won't allow thousands of incorrect guesses, so all you need to do is ensure your password is strong enough to protect it from just a few lucky tries.
There are some occasions when resetting a forgotten password simply isn't an option. For example, if you forget your Windows administrator password and need to gain access to your files from a crashed computer. If you haven't backed up your vital data, you've forgotten the password and there's no way of resetting it, you could be in serious trouble. For this kind of nightmare scenario, technology comes to your rescue again. Password recovery master keys can be hugely useful for bypassing forgotten administrator passwords and getting access to those all-important files. They can also help parents worried about their children's online activity, as well as law enforcement and private investigation professionals.