There’s been a great deal of information of late regarding the need for better information technology (IT) security (go here, here, and here for some examples) yet the “Achilles heel” regarding efforts to beef up digital security remains (wait for it …) human behavior.
And it’s simple stuff that’s thwarting IT security protocols such as re-using the same password for both work and personal computing access, or sharing passwords with others – big no-no’s in our age of rampant computer hacking.
A recent web-based survey of 1,016 U.S. adults conducted by security firm Ping Identity put some numbers to those human factor flaws; a poll that showed that the majority of employees are not connecting the dots between security best practices they are taught and behavior in their work and personal lives.
“Employees are doing some things really well to keep data secure, like creating unique and difficult-to-guess passwords, but are then reusing passwords across personal and work accounts or sharing them with family or colleagues,” noted Andre Durand, Ping’s CEO, in a statement.
“No matter how good employees’ intentions are, this behavior poses a real security threat. IT continues to shoulder the burden of enabling mobility in a secure manner and educating employees on safe online behavior, but those efforts are falling short, too,” he stressed. “Tackling these pervasive disconnects will require [company executives and employees] to come together to rethink how they ensure that the right people have access to the right data from any device, no matter where they are.”
Durand noted one of the big problems in this “digital age” of ours is that the line between personal and professional use of smart phone applications and other devices continues to blur.
And while employees claim to prioritize online security, the data shows they are struggling to consistently follow best practices and take accountability for their actions. In the event of a data breach, most employees say the blame would fall on IT and not on their own risky behavior, he said.
Unsafe password practices were a particularly noteworthy problem gathered from Ping’s survey:
- Some 58% of respondents believe that protecting work-related information is very important – even more so than their personal emails and home addresses.
- Yet even though 78% believe that it’s risky to share passwords with family members, 37% are likely to do so. The majority of respondents (54%) also admit to sharing their login information with family members so they can access their computers, smart phones and tablets.
- Half of respondents admit that they are likely to reuse passwords for work-related accounts. Nearly two-thirds (62%) are likely to reuse passwords for personal accounts.
- While 66% say they wouldn't give up their personal email login credentials for anything, a surprising 20% would trade them for a paid mortgage or rent for one year, and 19% would give up their personal email login credentials to pay off student loans or higher education tuition.
- People are more careful concerning their work login credentials as 74% would not give up their work email login credentials for anything.
Yet if workers are re-using their passwords for both home and work, you can see how “giving up” one set might compromise the other. And as the incidence of “inside jobs” continues to increase, those sorts of password security issues become more critical.
I know it’s not perhaps the happiest of subjects to discuss here on the eve of Christmas, but hey, the web never sleeps.
Enjoy the holiday break! We’ll be back next week.
