A recent study found that a quarter of employees reuse the same password for all their accounts, putting corporate cybersecurity at risk and highlighting a need for better training.

Even worse, 81 percent of employees who reuse the same credentials don’t bother to protect their smartphone or desktop with a password. The survey also found that 23 percent of employees frequently click on potentially malicious links before verifying them in any way.

Security Hygiene Falls Through the Cracks Despite Heightened Awareness

The research showed that users are still failing to follow basic cyber hygiene best practices despite growing awareness about cybersecurity. According to the report, titled “Cyber Hygiene Study 2018,” 60 percent of respondents cited the threat of personal data compromise as their top cybersecurity concern. Still, 33 percent admitted that they don’t use two-factor authentication (2FA), and 17 percent said they used the same password for six or more accounts.

These poor password practices persist despite employers’ efforts to enforce corporate cybersecurity policies. Another survey by B2B market research firm Clutch found that 67 percent of users regularly receive reminders to update their passwords. While 82 percent of respondents said they do frequently update their credentials, just 41 percent said they use 2FA and even fewer (20 percent) use a password manager.

Improving Corporate Cybersecurity

On the plus side, the Clutch study showed that employees can be highly proactive in ways that go above and beyond their corporate cybersecurity policies. In fact, 60 percent of employees said they report cybersecurity incidents to their organization while 59 percent have gone through security or compliance training.

As the workplace becomes increasingly digitized, organizations are trying to find the right balance between empowering employees to be productive and making sure they don’t get themselves into trouble. That could be why 55 percent of users reported that their internet access is restricted at work and 53 percent said they encounter user permission prompts when requesting access to the systems they need to do their jobs.

Tellingly, however, only 47 percent of employees are required to formally acknowledge their company’s IT security policy. These results suggest a need for IT leaders to drive awareness about corporate cybersecurity policies and follow up to ensure that users are practicing good cyber hygiene.