Password Security Risks for Organisations Due to Employee Behaviour

February 1, 20168:51 am1341 views

Employees tend to pose major security risks to organisational data due to faulty practices adopted at work, thus allowing vulnerability of critical data loss to companies. The majority of employees are not connecting the dots between security password practices they are taught and their behaviour displayed at work and personal lives, to keep important data safe from cyber threats.

According to the recently conducted, Ping Online Identity Survey findings, it reveals that the line of difference between personal and professional use of apps and devices by employees at workplaces continue to blur. While employees claim to prioritize online security, the data shows they are struggling to consistently follow best practices and take accountability for their actions.

The goal of this survey was to help chief information officers better understand how their workforces are accessing and securing data.

What Employees Do and Don’t Do

“Employees are doing some things really well to keep data secure, like creating unique and difficult-to-guess passwords, but are then reusing passwords across personal and work accounts or sharing them with family or colleagues,” said Andre Durand, CEO of Ping Identity. “No matter how good employees’ intentions, this behaviour poses a real security threat.

The results further revealed that while employees claim to value online security and understand risky versus safe behaviour, they fail to follow best practices consistently. Unsafe password practices were particularly noteworthy given the high value respondents place on their passwords.

Key findings from the survey are:

  • 58% of respondents believe that protecting work-related information is very important—even more than their personal emails and home addresses.
  • Though 78% believe that it is risky to share passwords with family members, 37% are likely to do so. The majority of respondents (54%) also admit to sharing their login information with family members so they can access the respondents’ computers, Smartphone, and tablets.

See: Online Security Considerations for Jobseekers in 2016 and Beyond

  • Half of respondents admit that they are likely to reuse passwords for work-related accounts. Nearly two-thirds (62%) are likely to reuse passwords for personal accounts.
  • While 66% say they wouldn’t give up their personal e-mail login credentials for anything, a surprising 20% would trade them for a paid mortgage or rent for 1 year, and 19% would give up their personal e-mail login credentials to pay off student loans or higher education tuition.
  • People are more careful concerning their work login credentials; 74% would not give up their work e-mail login credentials for anything.

IT gets High Marks for Password Security, but Blame for Breaches

IT departments continue to shoulder the burden of enabling mobility in a secure manner and educating employees on safe online behaviour, but those efforts are falling short, too.

Survey respondents credit IT for implementing good or excellent password policies and enforcement. However, they also lack confidence in the IT department’s efficacy in preventing data breaches. In the event of a data breach, most employees say the blame would fall on IT rather than their own personal risky behaviour.

Results of the survey also show:

  • 82% say their company has good or excellent password and authorization measures in place.
  • 76% are prompted to change their passwords every 1 to 3 months by IT.
  • 59% believe IT is ultimately accountable in the event of a corporate data breach. C-level executives are the next to be held accountable at 17%.
  • Only one in 10 employees (11%) believes he or she can be held accountable for a breach.

The study found this is a defining moment for CISOs [Chief Information Security Officers] and CEOs who are tackling these pervasive disconnects. It will require both to come together to rethink how they can ensure that the right people have access to the right data from any device, no matter where they are, says Durand.

Also read: Finance and HRD Pose Biggest Security Threat to Organisations. Do You Agree?

Image credit:

(Visited 1 times, 1 visits today)