Light Dark
June 13, 2018 By Shane Schick 2 min read

A recent study found that a quarter of employees reuse the same password for all their accounts, putting corporate cybersecurity at risk and highlighting a need for better training.

Even worse, 81 percent of employees who reuse the same credentials don’t bother to protect their smartphone or desktop with a password. The survey also found that 23 percent of employees frequently click on potentially malicious links before verifying them in any way.

Security Hygiene Falls Through the Cracks Despite Heightened Awareness

The research showed that users are still failing to follow basic cyber hygiene best practices despite growing awareness about cybersecurity. According to the report, titled “Cyber Hygiene Study 2018,” 60 percent of respondents cited the threat of personal data compromise as their top cybersecurity concern. Still, 33 percent admitted that they don’t use two-factor authentication (2FA), and 17 percent said they used the same password for six or more accounts.

These poor password practices persist despite employers’ efforts to enforce corporate cybersecurity policies. Another survey by B2B market research firm Clutch found that 67 percent of users regularly receive reminders to update their passwords. While 82 percent of respondents said they do frequently update their credentials, just 41 percent said they use 2FA and even fewer (20 percent) use a password manager.

Improving Corporate Cybersecurity

On the plus side, the Clutch study showed that employees can be highly proactive in ways that go above and beyond their corporate cybersecurity policies. In fact, 60 percent of employees said they report cybersecurity incidents to their organization while 59 percent have gone through security or compliance training.

As the workplace becomes increasingly digitized, organizations are trying to find the right balance between empowering employees to be productive and making sure they don’t get themselves into trouble. That could be why 55 percent of users reported that their internet access is restricted at work and 53 percent said they encounter user permission prompts when requesting access to the systems they need to do their jobs.

Tellingly, however, only 47 percent of employees are required to formally acknowledge their company’s IT security policy. These results suggest a need for IT leaders to drive awareness about corporate cybersecurity policies and follow up to ensure that users are practicing good cyber hygiene.

 |  |  |  |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 16, 2024

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature