One in four employees still using same passwords for all enterprise applications

A new survey has revealed that despite a major rise in phishing attacks on organisations, a significant percentage of employees are still using the same passwords for all accounts, are setting easily-guessable passwords, and are clicking on external links without verifying where they lead.

The survey, carried out by OpenVPN, also revealed that the adoption of biometric authentication has been less than optimal so far, thereby putting the privacy and security of enterprise and customer data at risk.

While 25 percent of employees are reusing the same password for all applications that require authentication, 23 percent of them are frequently clicking on links before verifying whether such links are genuine or malicious.

“Cybersecurity breaches are a matter of ‘when’ not ‘if’, and organizations have to be ready to address hackers head on. But with businesses so focused on external threats, they often overlook the role their own employees play in exposing vulnerabilities from inside an organization,” the firm noted.

Non-adherence to IT security policies

Earlier this year, a survey carried out by Dr. Lee Hadlington at the Leicester-based De Montfort University also revealed that employees at UK organisations are less likely to follow IT security practices and protocols while surfing the web, clicking on various links and visiting social media platforms.

Employees' non-adherence to IT security policies, poor password hygiene and trust in emails sent by unknown persons expose organisations to immense risk. Research by M-Files revealed last year that at least 23% of businesses in the UK suffered data breaches because of non-compliance with company security policies by their employees.

A major reason behind such non-compliance is the lack of specific cyber security training that needs to be imparted to employees from time to time. A survey of 2,000 workers by Accenture recently revealed that over half of them (55%) did not remember receiving specific cybersecurity training from their employers.

Kirill Kasavchenko, principal security technologist, EMEA at Arbor Networks, said that every employee should not only be provided training on password hygiene, but also specific cyber security training that will help them understand how different attacks work and how to recognise social engineering tactics.

He added that while prevention is the best practice, businesses should also train employees on how to minimise the damage once a breach occurs. “Regular employee training on IT security will become even more of a necessity once GDPR and the new UK data protection bill come into effect. Businesses need to look at why their staff do not feel adequately trained and put a training plan in place,” he said.

Employees following best practices must be rewarded

According to OpenVPN, employers should not stop at merely imparting specific cyber security training to employees, but should also ensure compliance with cyber security policies by rewarding employees who follow the best practices.

“Employees may be a company’s first line of security, but many fail to report cyber attacks out of fear of retribution. Instead of employing fear tactics to scare employees off weak passwords and phishing schemes, employers should consider rewarding or acknowledging individuals who embrace good cyber strategies.

“Employees are less likely to shy away from security training and are more incentivized to change their approach to cybersecurity when they are sent encouraging messages for safe internet behavior,” the firm said.

“Building a work culture centered around good cyber hygiene takes time, but will ultimately protect companies in the long run from online threats. When smart online habits become second nature, both employers and employees can better prevent hackers from taking advantage of otherwise stagnant security environments,” it added.

Copyright Lyonsdown Limited 2021
