Ping Identity, the leader of Identity Defined Security, today announced survey results which reveals many enterprise employees are not connecting the dots between security best practices and behaviour in their work and personal lives.
With a third of respondents (34%) accessing work data on their personal devices at least once a month, and 29% doing this at least once a week, the boundaries between social and professional activities are blurring.
In many cases, the research highlighted an understanding by employees of what constitutes ‘risky behaviour’, but also revealed they were still undertaking these practices despite this awareness:
- Even though nearly two thirds of respondents (63%) thought connecting to public wifi was risky, 42% are likely to do so
- Although 54% believe it to be risky to share passwords with family members, 24% are likely to do so
- 30% of respondents were likely to use a work device for personal use despite 57% believing this practice was risky
While 45% said they wouldn’t give up their Facebook/ social media log-in credentials for any amount of money, 20% would trade them in for less than £10 (with 14% giving their log-ins away for free). People were slightly more protective of their work log-in credentials: 56% would not give up their work log-ins for anything, but worryingly 23% said they would sell it for less than £10!
Respondents aged 16-24 revealed even more worrying workplace behaviours compared to their elder counterparts:
- Nearly half of 16-24 year olds (45%) access work data on their personal devices more than once a week (compared to a survey average of 29%)
- 57% of 16-24 year olds said they were ‘very likely’ or ‘somewhat likely’ to re-use their passwords across work emails and apps (compared to an average of 36%)
- In addition to this, 59% said that they ‘sometimes’ or ‘always’ use the same passwords for personal use as they do for work purposes (compared to an average of 31%)
Education falling on deaf ears?
The research highlighted that these behaviours were largely occurring despite security policy enforcement from enterprises’ IT teams. 79% of respondents who are prompted to change their passwords, are reminded to do so at least once every three months by their IT teams.
When considering that over a third (36%) admit that they are likely to reuse passwords for work-related accounts and over half (53%) are likely to reuse passwords for personal accounts, it flags very obvious concerns for enterprise CIOs.
Phil Allen, VP EMEA at Ping Identity commented on these findings: “As employees increasingly use their personal devices for work purposes, and vice-versa, the policies taught, implemented and preached in a work environment seem to be forgotten. The modern wave of digital transformation does not start and stop at the traditional walls of an enterprise. With employees accessing work information on their personal devices, re-using passwords across multiple devices and even allowing family members to access work-owned computers, CIOs are faced with a challenging situation to manage. No matter how good an employee’s intentions are, this behaviour poses a real security threat.”
“People are arguably a business’ most valuable asset, so it is imperative to regularly ask the organisation what more they need in the way of new software and new technology. For example, many employees may want more secure and seamless access to their work devices and programmes, so that they can work on the move and in the most productive manner possible. In this regard, investing in two-factor authentication could be a solution to ensuring staff are happy, productive and secured.”