We recently completed a survey of both customers and non-customers in the US and EMEA to understand how they use GlobalSign’s products as well as the security measures, policies and guidelines their companies currently have in place. The survey certainly provided some results that we expected, such as well over 150 respondents saying they received a phishing email that looked like it was from an internal department such as human resources, legal or finance. This was no surprise given the exceedingly high number of phishing scams.
However, there were also some responses we found very surprising, including the fact that companies are still lagging in some fundamental areas when it comes to security, leaving them vulnerable to hackers.
For example, we asked survey participants what their companies’ specific policies were for passwords. While many answered that they’re required to take steps such as changing their password after a certain length of time, 47.33% of respondents said their company had no corporate password policy whatsoever. This was somewhat shocking given the plethora of security threats that exist today. It almost goes without saying, but EVERY business should have security policies and procedures in place.
47% of organizations have NO corporate password policy
GlobalSign’s survey also looked at email encryption practices. It discovered that many companies are still quite lax in this area. As many as 24% of companies still don’t use it at all. This is concerning as email encryption is considered one of the best, tried and true methods to protect businesses. It protects email messages and attachments over networks, even those that may be untrusted. All it takes is for one host to be infected with malware to allow for the interception of email messages and the exfiltration of sensitive information.
In addition, the survey showed that companies are not taking enough steps to secure their documents. We asked people how their company protects documents from being tampered with after they are published. While some businesses took appropriate steps such as applying digital signatures, encrypting them or converting them to a PDF, others have no solution at all: 15% in the US and 21% in EMEA have nothing in place. While these numbers aren’t alarming, it was still a bit of an eye opener to see that companies are reluctant to properly secure their documents.
Almost 20% of companies don’t take any extra steps to secure their electronic documents against tampering.
Another area that shines a light on how companies need to better secure themselves is multi-factor authentication. 51% of the respondents in both the US and EMEA said their company wasn’t relying on it at all. Companies do need to pay attention to this, as the increasing amount of identity theft and data breaches due to weak passwords strongly suggests single-factor methods of authentication are no longer sufficient. Multi-factor authentication is now essential to protect organizations’ sensitive data.
While it’s encouraging to see that companies are increasingly taking steps to ensure their security, clearly more work needs to be done. Basic security measures like password policies and email encryption should be in place at every company. Without that, breaches are sure to continue to make headlines.
For additional information regarding some of the topics covered in our survey, please check out these previous GlobalSign blog posts on subjects such as Multi-Factor Authentication and Document Security. We hope you find them helpful. Of course, if you have any other questions, please contact us directly. We’re always glad to assist you!