A Preempt survey of more than 200 employees (management level or above) from enterprise companies of 1000 or more people, found that businesses are left exposed by employees who have more access to sensitive resources than they should and who follow poor security habits.
Have you ever “bent the rules” or found a security workaround in order to get something done at work?
Results from the survey concluded that employees have more access than they should, and a large majority of them have poor security habits even when they think they don’t. 25 percent of employees have tried to access data at work that they weren’t supposed to, of which 60 percent were successful at accessing that data.
With nearly 41 percent of employees using the same password for both personal and work accounts, and 20 percent of employees aware that their passwords were compromised in a breach, it is concerning to find that 63 percent claim they only changed their passwords for the account that was breached, proving they are not aware of the full consequences of a password leak.
“Uncontrolled employee access combined with poor security habits are a recipe for a breach no matter how you look at it,” said Ajit Sancheti, CEO at Preempt. “With the billions of dollars being spent each year on cybersecurity, it’s concerning to discover how easy it is for over-confident employees to access data or bend the rules and negate the impact of those significant security investments.”
If you used the same password that was exposed in a public breach for work-relat-ed accounts, did you update your password only for where it was breached or for those work-related accounts as well?
Findings reveral poor security habits
Additional findings from the survey, include:
- 40 percent of respondents had no clue if their usernames and passwords were exposed in a public breach or not.
- More than 90 percent of all employees have weak password update practices, split almost equally between those who use multiple variations of the same passwords (changing a letter, character, etc.) and those who pick something very different or more complex but write it down.
- Nearly 25 percent of respondents claim that there are accounts in their office or group where multiple users share a username and password – posing a threat to the company should a disgruntled employee leave and passwords are left the same.
- More than 30 percent of respondents have at some point “bent the rules” or found a security workaround in order to get something done at work – with more than 10 percent of respondents having done so on multiple occasions or regularly.
- 41 percent of employees rate themselves in the top 25 percent in their organization when it comes to security/health awareness proving a large portion of employees think they are much more security aware than they really are.