Employees’ cybersecurity habits worsen

Tomas Foltyn, security writer at ESET, explains that despite the rising number of incidents, organisations are not doing enough to control the worsening cyber-hygiene habits of employees that might put the organisation at risk.

The prevalence of cybersecurity incidents and the concomitant growing concerns about any organization’s cybersecurity posture haven’t done much to discourage many employees from engaging in poor security habits, a survey has found.

In some respects, employees’ cyber-hygiene is actually getting worse, according to the 2018 Market Pulse Survey by identity governance provider SailPoint, which gathered opinions from 1,600 employees at organizations with at least 1,000 employees in Australia, France, Germany, Italy, Spain, the United Kingdom, and the United States.

Three in every four respondents admitted to reusing passwords across accounts. In the survey’s 2014 edition, the same was true for “only” 56% of the employees.

The generation that has grown up with technology and might therefore be expected to know better fares even worse in this department: no fewer than 87% of people aged 18-25 duplicate their passwords, including nearly one-half who do so across personal and work accounts.

In addition, 31% of the respondents admitted to having deployed software without the authorization of their respective organization’s IT department in a practice dubbed “shadow IT” – an increase from 20% in 2014. Such willingness to skirt considerations of security, across all age groups, was largely attributed to workers’ efforts to boost their work efficiency.

A sense of disconnect between the employees and the IT teams is also seen in that more than one-half (55%) of the respondents said that their organization’s IT department can be a source of inconvenience.

In fact, 13% of employees admitted they would not immediately alert their IT team should they think that they had been hacked. Indeed, nearly the same share (49%) of employees said that they would actually blame the IT department for a cyberattack if it occurred as a result of an employee being hacked.

Even in the absence of malicious intentions, however, intentionally skimping on security adds to the myriad risks that organizations, and not only large ones, face at present. This is unfolding against the backdrop of challenges introduced by the ongoing digital transformation and the efforts of businesses to keep up with the requirements of today’s digital era.