June 13, 2018 By Shane Schick 2 min read

A recent study found that a quarter of employees reuse the same password for all their accounts, putting corporate cybersecurity at risk and highlighting a need for better training.

Even worse, 81 percent of employees who reuse the same credentials don’t bother to protect their smartphone or desktop with a password. The survey also found that 23 percent of employees frequently click on potentially malicious links before verifying them in any way.

Security Hygiene Falls Through the Cracks Despite Heightened Awareness

The research showed that users are still failing to follow basic cyber hygiene best practices despite growing awareness about cybersecurity. According to the report, titled “Cyber Hygiene Study 2018,” 60 percent of respondents cited the threat of personal data compromise as their top cybersecurity concern. Still, 33 percent admitted that they don’t use two-factor authentication (2FA), and 17 percent said they used the same password for six or more accounts.

These poor password practices persist despite employers’ efforts to enforce corporate cybersecurity policies. Another survey by B2B market research firm Clutch found that 67 percent of users regularly receive reminders to update their passwords. While 82 percent of respondents said they do frequently update their credentials, just 41 percent said they use 2FA and even fewer (20 percent) use a password manager.

Improving Corporate Cybersecurity

On the plus side, the Clutch study showed that employees can be highly proactive in ways that go above and beyond their corporate cybersecurity policies. In fact, 60 percent of employees said they report cybersecurity incidents to their organization while 59 percent have gone through security or compliance training.

As the workplace becomes increasingly digitized, organizations are trying to find the right balance between empowering employees to be productive and making sure they don’t get themselves into trouble. That could be why 55 percent of users reported that their internet access is restricted at work and 53 percent said they encounter user permission prompts when requesting access to the systems they need to do their jobs.

Tellingly, however, only 47 percent of employees are required to formally acknowledge their company’s IT security policy. These results suggest a need for IT leaders to drive awareness about corporate cybersecurity policies and follow up to ensure that users are practicing good cyber hygiene.

More from

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

What is the Open-Source Software Security Initiative (OS3I)?

3 min read - The Open-Source Software Security Initiative (OS3I) recently released Securing the Open-Source Software Ecosystem report, which details the members’ current priorities and recommended cybersecurity solutions. The accompanying fact sheet also provides the highlights of the report. The OS3I includes both federal departments and agencies working together to deliver policy solutions to secure and defend the ecosystem. The new initiative is part of the overall National Cybersecurity Strategy. After the Log4Shell vulnerability in 2021, the Biden-Harris administration committed to improving the security…

Widespread exploitation of recently disclosed Ivanti vulnerabilities

6 min read - IBM X-Force has assisted several organizations in responding to successful compromises involving the Ivanti appliance vulnerabilities disclosed in January 2024. Analysis of these incidents has identified several Ivanti file modifications that align with current public reporting. Additionally, IBM researchers have observed specific attack techniques involving the theft of authentication token data not readily noted in current public sources. The blog details the results of this research to assist organizations in protecting against these threats. Key Findings: IBM research teams have…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today