Enterprises put at risk by employees' poor security habits
According to a new study, 25 percent of employees have tried to look at data at work that they weren't supposed to, and 60 percent were successful at accessing that data.
The survey by adaptive threat prevention company Preempt also reveals widespread bad habits, with 41 percent of employees using the same password for both personal and work accounts.
In addition, 20 percent of employees were aware that their passwords had been compromised in a breach, but of those 56 percent say they only changed their passwords for the account that was breached, showing they are not aware of the full consequences a password leak can have.
"Uncontrolled employee access combined with poor security habits are a recipe for a breach no matter how you look at it," says Ajit Sancheti, co-founder and CEO at Preempt. "With the billions of dollars being spent each year on cybersecurity, it's concerning to discover how easy it is for over-confident employees to access data or bend the rules and negate the impact of those significant security investments."
Among other worrying findings are that 40 percent of respondents have no clue if their usernames and passwords were exposed in a public breach or not. More than 90 percent of all employees have weak password update practices, split almost equally between those who use multiple variations of the same passwords (changing a letter, character, etc.) and those who pick something very different or more complex but write it down.
Nearly 25 percent of respondents say there are accounts in their office or group where multiple users share the same username and password -- posing a threat to the company should a disgruntled employee leave and passwords are left the same.
More than 30 percent have at some point 'bent the rules' or found a security workaround in order to get something done at work -- with more than 10 percent of respondents having done so on multiple occasions.
Despite these failings 41 percent of employees rate themselves in the top 25 percent in their organization when it comes to security awareness, proving a large portion of employees think they are much more security aware than they really are.
You can read more about the findings on the Preempt blog.