Are poor staff security habits putting businesses at risk?

Research commissioned by Microsoft highlights how poor security habits among employees are increasing the risk of cyberattacks.
19 February 2019

Don’t write down your passwords. Source: Shutterstock

Poor cybersecurity habits among employees within large public and private sector organizations are increasing the risk of data breaches and intellectual property loss.

According to a recent report by Amarach Research, commissioned by Microsoft, organizations need to rethink their cybersecurity culture to prevent attacks, data breaches, and intellectual property loss.

700 employees were surveyed, and more than 100 of them revealed potentially dangerous habits that could lead to important information being compromised.

With only 54 percent of respondents receiving cybersecurity training once a year, there’s obviously much room for improvement. Just 16 percent had updated their passwords in the last 12 months in line with company policies.

22 percent, meanwhile, write down their passwords, as passwords have become too easy to guess or steal. Moreover, two out of five people recycle their work passwords, with 44 percent recycling their personal passwords.

There’s a chance to improve things though; three out of five employees surveyed say they would be open to having biometric verification instead of passwords.

Other dangers included the use of personal USB thumb drives into their work devices. This will create a risk of company data falling out of view.

According to Microsoft, 81 percent of major data breaches last year could be traced back to identity compromise alone.

“Organizations can invest in robust data protection and security measures, but their employees could, accidentally, bring about a potential security disaster,” said Des Ryan, Microsoft Ireland solutions director.

Ryan said that passwords can be hacked, guessed, leaked or lost. He feels that new technologies such as biometric security can protect organizations from social engineering attacks. He believes its time for companies to take a proactive approach to data security, new technologies, and consistent training.

Enforced policies and better device upgrades, in his opinion, will lead to employees delivering the productivity needed for successful transformation with minimum risk to the organization.

In some cases, employees may be performing company-related tasks on older devices or older versions of the Windows operating system and this could have a detrimental effect.

Ryan also mentions that for those who like working in a public Wi-Fi spot, the dangers could be immense— those who do not have the latest security measures or hardware could be transmitting data that could be sensitive in nature to hackers that could be snooping close by.