When it comes to practicing good password security, it appears that employees still don’t get it.
A recent study from Ping Identity found that employees aren’t doing a very good job with password security basics. Okay, to give them credit, they are following the “rules” of creating a hard-to-guess password with combinations of alpha-numeric and symbols. But apparently, they are then so proud of that difficult password that they use it for everything. As eSecurity Planet pointed out, half the 1,000 respondents reuse the same password across work accounts, while two-thirds do the same for personal accounts. This is especially concerning when you consider how much the line between business and personal has blurred on our devices. The article stated:
The survey also found that while 78 percent of respondents believe it's risky to share passwords with family members, 37 percent admit doing so -- and 54 percent admit to sharing their login information with family members so they can access their computers, smartphones and tablets.
One in five respondents said they would sell their login credentials for the right price – like a year’s worth of mortgage or to pay off college loans. Talk about the rogue insider! I guess these people figure that if the information is being sold on the black market anyway, why not reap the rewards themselves?
What’s so surprising about these numbers is that the survey found that companies are pushing security education now more than ever, and on some level, it is sinking in. More than half of the respondents said that protecting the corporate data is very important (I’m guessing that number doesn’t include the group who sees dollar signs instead of login credentials). Yet they don’t put the same value on personal data; nor do they exercise those ethics, as they are not doing all they can to use best security and password practices.
Andre Durand, CEO of Ping Identity, said this in a statement about the study, and I agree with him wholeheartedly:
No matter how good employees’ intentions are, this behavior poses a real security threat. IT continues to shoulder the burden of enabling mobility in a secure manner and educating employees on safe online behavior, but those efforts are falling short, too. This is a defining moment for CISOs and CEOs, and tackling these pervasive disconnects will require both to come together to rethink how they ensure that the right people have access to the right data from any device, no matter where they are.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba