Nearly two thirds of employees are using personal passwords to protect corporate data, and vice versa, with even more business leaders concerned about this very issue. Surprisingly, 97% of employees know what constitutes a strong password, yet over half (53%) admit to not always using one.
This is according to new research by identity and access management company My1Login, which surveyed 1,000 employees and 1,000 business leaders to compare employees’ realities, opinions, and outlook on security at work with the expectations and opinions of business leaders across a variety of industries.
The research also found that 85% of employees who have received training are reusing passwords across business applications, compared with 91% of employees who haven’t received any cyber security training. Training is making only a negligible difference to how employees protect corporate data, highlighting that corporate security is at high risk of being compromised even for organisations investing in training.
In terms of industry-specific findings, the research found that employees in the healthcare sector are particularly prone to reusing passwords, with 94% of employees declaring they have done so. Employees in the education and public sector reused passwords to a similar degree, with 91% of respondents admitting to having done so in healthcare and 83% in the public sector.
All three verticals were also found to have the highest use of personal passwords for business applications, with 75% in education and 61% in healthcare and public sector, considerably higher than employees in technology (45%).
Mike Newman, CEO of My1Login, commented: “Poor password habits make cyber criminals’ lives far easier, offering a gateway into organisations and enabling them to conduct damaging, far-reaching cyber-attacks. From creating weak passwords to reusing them across applications, employees consistently struggle to maintain good password ‘hygiene’.
“Our finding that cyber security training is not having the desired effect – despite significant investment from leaders into helping employees improve their security behaviour – is very concerning. Employees are finding the process of juggling a variety of passwords frustrating, and this negativity is translating into negligent password practices due to a lack of motivation.
“Instead of relying on training to change employees’ behaviour around the protection of corporate data, business leaders need to take the responsibility out of the hands of employees as much as possible. An authentication management solution which offers a passwordless single sign-on experience does just that, alleviating the burden placed on employees and elevating productivity and wellbeing, in addition to placing leaders back in control of their organisation's security,” Mike concluded.