Hollard has introduced online security manager LastPass’s centralised password management system to bolster its cyber protection and help employees maintain complex passwords across multiple systems.

Sydney-based LastPass Head of Identity Lloyd Evans tells insuranceNEWS.com.au his team worked last year with Hollard Chief Information Security Officer Grae Meyer-Gleaves, who joined Hollard just months before the covid pandemic.

“There are blurred lines between corporate and personal security and that is probably more evident with working from home, People are a little more relaxed in their security posture generally, and we find that people are using their Netflix passwords for their corporate passwords. Segregation is really important for good habits,” Mr Evans said.

Boston-based LastPass, which also counts a life insurer, Victoria’s Deakin University and Queensland’s Lockyer Valley Regional Council as customers and served 85,000 businesses globally, auto creates passwords and stores them securely in a “vault”. Its identity management solutions include adaptive multifactor authentication.

“Grae was looking for a way to do that rather than having staff effectively writing down passwords on Post It notes or in unsecure spreadsheets,” Mr Evans said. “It extends to staff outside the office as well.”

Around 60% of Australia cyber losses relate to use of compromised credentials, LastPass says, and insurance is one of the top five industries to notify data breaches.

“That is why it is such a focus of regulation,” Mr Evans says. He points to examples such as the use of a notoriously weak “SolarWinds123” password by an intern before that significant cyber attack, and the head of Colonial Pipeline telling US Congress their enormously damaging ransomware attack was possibly enabled by stealing just one password.

“The main issue insurance companies have as they digitally transform and bring on more cloud locations is they have more passwords and user names to remember and complexity becomes an issue,” Mr Evans said.

“The ability to remember those, not reuse them and make them complex is difficult. We are all busy and we dont have the mental capacity, so LastPass is a way to manage those credentials more effectively and reduce the risk of cyber breach.”