June 13, 2018 By Shane Schick 2 min read

A recent study found that a quarter of employees reuse the same password for all their accounts, putting corporate cybersecurity at risk and highlighting a need for better training.

Even worse, 81 percent of employees who reuse the same credentials don’t bother to protect their smartphone or desktop with a password. The survey also found that 23 percent of employees frequently click on potentially malicious links before verifying them in any way.

Security Hygiene Falls Through the Cracks Despite Heightened Awareness

The research showed that users are still failing to follow basic cyber hygiene best practices despite growing awareness about cybersecurity. According to the report, titled “Cyber Hygiene Study 2018,” 60 percent of respondents cited the threat of personal data compromise as their top cybersecurity concern. Still, 33 percent admitted that they don’t use two-factor authentication (2FA), and 17 percent said they used the same password for six or more accounts.

These poor password practices persist despite employers’ efforts to enforce corporate cybersecurity policies. Another survey by B2B market research firm Clutch found that 67 percent of users regularly receive reminders to update their passwords. While 82 percent of respondents said they do frequently update their credentials, just 41 percent said they use 2FA and even fewer (20 percent) use a password manager.

Improving Corporate Cybersecurity

On the plus side, the Clutch study showed that employees can be highly proactive in ways that go above and beyond their corporate cybersecurity policies. In fact, 60 percent of employees said they report cybersecurity incidents to their organization while 59 percent have gone through security or compliance training.

As the workplace becomes increasingly digitized, organizations are trying to find the right balance between empowering employees to be productive and making sure they don’t get themselves into trouble. That could be why 55 percent of users reported that their internet access is restricted at work and 53 percent said they encounter user permission prompts when requesting access to the systems they need to do their jobs.

Tellingly, however, only 47 percent of employees are required to formally acknowledge their company’s IT security policy. These results suggest a need for IT leaders to drive awareness about corporate cybersecurity policies and follow up to ensure that users are practicing good cyber hygiene.

More from

Why do software vendors have such deep access into customer systems?

4 min read - To the naked eye, organizations are independent entities trying to make their individual mark on the world. But that was never the reality. Companies rely on other businesses to stay up and running. A grocery store needs its food suppliers; a tech company relies on the business making semiconductors and hardware. No one can go it alone.Today, the software supply chain interconnects companies across a wide range of industries. Software applications and operating systems depend on segments of the software…

How CTEM is providing better cybersecurity resilience for organizations

4 min read - Organizations today continuously face a number of fast-moving cyber threats that regularly challenge the effectiveness of their cybersecurity defenses. However, to keep pace, businesses need a proactive and adaptive approach to their security planning and execution.Cyber threat exposure management (CTEM) is an effective way to achieve this goal. It provides organizations with a reliable framework for identifying, assessing and mitigating new cyber risks as they materialize.The importance of developing cybersecurity resilienceRegardless of the industry, all organizations are subject to certain…

Insights from CISA’s red team findings and the evolution of EDR

3 min read - A recent CISA red team assessment of a United States critical infrastructure organization revealed systemic vulnerabilities in modern cybersecurity. Among the most pressing issues was a heavy reliance on endpoint detection and response (EDR) solutions, paired with a lack of network-level protections. These findings underscore a familiar challenge: Why do organizations place so much trust in EDR alone, and what must change to address its shortcomings? EDR’s double-edged sword A cornerstone of cyber resilience strategy, EDR solutions are prized for…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today