Employee Behavior Poses Online Security Risk
Even though employees are being educated about the best online security practices, they are not implementing this knowledge in their work and personal lives, according to a new study by Ping Identity.
Ping Identity, an Identity Defined Security company, surveyed 1,000 people at U.S. enterprise organizations with more than 1,000 employees. The survey found most respondents are struggling to follow best practices consistently, even though they say they prioritize online security.
Most say they place a high value on protecting their work passwords. In fact, 58% of the respondents believe protecting work-related information is even more important than protecting their personal email and home addresses. However, employees are not doing enough to safeguard that information, including:
- 37% of the respondents are likely to share their passwords with family members, even though 78% believe it is risky to do so. Most respondents (54%) also share their login information with family members so that they can access their computers, smartphones and tablets.
- Half of the respondents admitted to reusing passwords for work-related accounts, and 62% are likely to reuse passwords for personal accounts.
- Most respondents (66%) said they would not give up their personal email login credentials for anything. Surprisingly, some were willing to part for the information for the right price, though. 20% would trade this information for a paid mortgage or rent for one year, and 19% would give up their email login credentials to pay off student loans or pay for higher education tuition.
- Employees were more careful with their work login credentials. 74% said they would not give up their work email credentials for anything.
Employees are also failing to take responsibility for their own actions. While most respondents (82%) credit IT for implementing and enforcing good password policies, most respondents said that the blame for a data breach should fall on IT and not on their own risky online behavior. In fact, 59% believe IT is ultimately responsible for a corporate data breach. Only 11% of employees said they could be held accountable.
“Employees are doing some things really well to keep data secure, like creating unique and difficult-to-guess passwords, but are then reusing passwords across personal and work accounts or sharing them with family or colleagues,” said Andre Durand, CEO of Ping Identity. “No matter how good employees’ intentions are, this behavior poses a real security threat. IT continues to shoulder the burden of enabling mobility in a secure manner and educating employees on safe online behavior, but those efforts are falling short, too.”