June 13, 2018 By Shane Schick 2 min read

A recent study found that a quarter of employees reuse the same password for all their accounts, putting corporate cybersecurity at risk and highlighting a need for better training.

Even worse, 81 percent of employees who reuse the same credentials don’t bother to protect their smartphone or desktop with a password. The survey also found that 23 percent of employees frequently click on potentially malicious links before verifying them in any way.

Security Hygiene Falls Through the Cracks Despite Heightened Awareness

The research showed that users are still failing to follow basic cyber hygiene best practices despite growing awareness about cybersecurity. According to the report, titled “Cyber Hygiene Study 2018,” 60 percent of respondents cited the threat of personal data compromise as their top cybersecurity concern. Still, 33 percent admitted that they don’t use two-factor authentication (2FA), and 17 percent said they used the same password for six or more accounts.

These poor password practices persist despite employers’ efforts to enforce corporate cybersecurity policies. Another survey by B2B market research firm Clutch found that 67 percent of users regularly receive reminders to update their passwords. While 82 percent of respondents said they do frequently update their credentials, just 41 percent said they use 2FA and even fewer (20 percent) use a password manager.

Improving Corporate Cybersecurity

On the plus side, the Clutch study showed that employees can be highly proactive in ways that go above and beyond their corporate cybersecurity policies. In fact, 60 percent of employees said they report cybersecurity incidents to their organization while 59 percent have gone through security or compliance training.

As the workplace becomes increasingly digitized, organizations are trying to find the right balance between empowering employees to be productive and making sure they don’t get themselves into trouble. That could be why 55 percent of users reported that their internet access is restricted at work and 53 percent said they encounter user permission prompts when requesting access to the systems they need to do their jobs.

Tellingly, however, only 47 percent of employees are required to formally acknowledge their company’s IT security policy. These results suggest a need for IT leaders to drive awareness about corporate cybersecurity policies and follow up to ensure that users are practicing good cyber hygiene.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today