News

5G Networks Pose New Cyber Risks: What Steps Can Organizations Take To Lower The Threat?

5G networks are more vulnerable to cyberattacks, meaning organizations that use them must take additional precautions. We examine. Read More

Sharing Files Or Malware? Why Users Must Stay Vigilant Even When Collaborating

Systems experts think they may have found a flaw in Google Drive's file storage system that would allow hackers to download malware. Read how to avoid infection. Read More

Does Your Website Need To Be GDPR Compliant?

Organizations must make sure their data collection practices adhere, if required, to the E.U. guidelines. We examine. Read More

Cross-Over Of Personal And Work Passwords Continues To Put All Employers At Risk

A survey of 2,000 consumers conducted by SecureAuth, an identity and access management solutions organization, found that 53 percent of respondents continue to use the same password across multiple accounts.

Among those reusing passwords, 62 percent said they do so on three to seven accounts, and 10 percent use the same password across 10 or more accounts. According to the report, people reuse passwords because it's too hard to remember truly unique passwords.

In fact, managers are even worse at this than their employees. The survey found that 70 percent of non-management employees use unique passwords for work, compared with only 38 percent for those in leadership positions. In addition, 34 percent of managers said they use one of the highest risk passwords, such as Password; 123456789; Abc123; Qwerty123; or Iloveyou.

Finally, the survey found that fewer than one in three consumers is willing to share biometric data with an organization they buy from or the government. However, data shows that 31 percent of individuals already use biometric data to unlock their phone; 12 percent to unlock a computer; 12 percent for TSA verification; and 10 percent for banking. Esther Shein "Bad password habits continue with 53% admitting to using the same password" techrepublic.com (May 05, 2020).

 

Commentary

Too many employees use the same password for personal and work accounts. This puts employers at risk.

The younger the employee the more prone he or she is to use the same password for private and work accounts. According to the SecureAuth survey, 21 percent of all respondents use the same password for both their work and personal email accounts, but that number jumps to 26 percent for millennials and 33 percent for Gen-Zers. In addition, 44 percent of respondents said they use other personal passwords at work.

This is problematic because employees likely have fewer cyber protections on their personal computers and devices, making their personal passwords easier to hack. If that password is the same as their work password, cybercriminals now have access to organizational data.

Continue to train employees on the importance of never reusing a personal password for a work account. However, to make sure they comply, you must make it easy for them to create and use unique passwords. You cannot expect them to remember a unique password for every work account. Provide password management software to all employees and train them on how to use it to further encourage them to create strong, unique passwords for all work accounts.

Another serious problem is the number of employees who share their passwords. Although employees are less likely to share the password to their work email than their password for a streaming service, 34 percent still do. Furthermore, individuals share passwords over easy-to-hack avenues, including via text message (20 percent), phone (19 percent), and email (10 percent).

The fact that 10 percent of respondents share passwords over email suggests that employers are falling short on training members of their organization about one of the most important password tenets - never share a password in response to an email request. Step up your training if you don’t cover this annually. Make sure your information technology employees never request a password from members of the organization and instead work with employees to create one-time temporary passwords when they need to access an account or device.

Finally, don’t forget to train your leaders as thoroughly on password best practices as you do entry-level employees. Leaders are actually less likely to be protecting your data, according to the SecureAuth report. Don’t leave out younger employees as well, who also create higher risk than their older counterparts.

Finally, your opinion is important to us. Please complete the opinion survey:

Sign In

Are you a new user?

Register here

Retrieve password