Education falling on deaf ears as employee behaviour exposes security risks

Ping Identity today announced survey results which reveal that many enterprise employees are not connecting the dots between security best practices and their behaviour in their work and personal lives.

With a third of respondents (34 per cent) accessing work data on their personal devices at least once a month, and 29 per cent doing this at least once a week, the boundaries between social and professional activities are blurring.

In many cases, the research highlighted an understanding by employees of what constitutes ‘risky behaviour’, but also revealed they were still undertaking these practices despite this awareness:

  • Even though nearly two thirds of respondents (63 per cent) thought connecting to public wifi was risky, 42 per cent are likely to do so
  • Although 54 per cent believe it to be risky to share passwords with family members, 24 per cent are likely to do so
  • 30 per cent of respondents were likely to use a work device for personal use despite 57 per cent believing this practice was risky

While 45 per cent said they wouldn’t give up their Facebook/social media log-in credentials for any amount of money, 20 per cent would trade them in for less than £10 (with 14 per cent giving their log-ins away for free). People were slightly more protective of their work log-in credentials: 56 per cent would not give up their work log-ins for anything, but worryingly 23 per cent said they would sell them for less than £10!

Respondents aged 16-24 revealed even more worrying workplace behaviours compared to their older counterparts:

  • Nearly half of 16-24 year olds (45 per cent) access work data on their personal devices more than once a week (compared to a survey average of 29 per cent)
  • 57 per cent of 16-24 year olds said they were ‘very likely’ or ‘somewhat likely’ to re-use their passwords across work emails and apps (compared to an average of 36 per cent)
  • In addition to this, 59 per cent said that they ‘sometimes’ or ‘always’ use the same passwords for personal use as they do for work purposes (compared to an average of 31 per cent)

The research highlighted that these behaviours were largely occurring despite security policy enforcement from enterprises’ IT teams. 79 per cent of respondents who are prompted to change their passwords are reminded to do so at least once every three months by their IT teams.

Given that over a third (36 per cent) admit that they are likely to reuse passwords for work-related accounts and over half (53 per cent) are likely to reuse passwords for personal accounts, this raises very obvious concerns for enterprise CIOs.

Phil Allen, VP EMEA at Ping Identity, commented: “As employees increasingly use their personal devices for work purposes, and vice-versa, the policies taught, implemented and preached in a work environment seem to be forgotten. The modern wave of digital transformation does not start and stop at the traditional walls of an enterprise. With employees accessing work information on their personal devices, re-using passwords across multiple devices and even allowing family members to access work-owned computers, CIOs are faced with a challenging situation to manage. No matter how good an employee’s intentions are, this behaviour poses a real security threat.”

“People are arguably a business’ most valuable asset, so it is imperative to regularly ask the organisation what more they need in the way of new software and new technology. For example, many employees may want more secure and seamless access to their work devices and programmes, so that they can work on the move and in the most productive manner possible.

“In this regard, investing in two-factor authentication could be a solution to ensuring staff are happy, productive and secured.”

The post Research reveals employee behaviour exposes security risk, despite education appeared first on IT SECURITY GURU.
