Getting Employees (Through Training) on Board Is Key to Data Security

Would your employees sell their business passwords to a third party for a measly $150? While most employers would likely respond with a resounding “NO,” such confidence may not be so justified when it comes to data security.

Survey Reveals Lax Password Management

A recent survey found that many employees are still not taking data security very seriously. SailPoint’s 7th Annual Market Pulse Survey polled 1,000 employees at large organizations across Australia, France, Germany, the Netherlands, the United Kingdom, and the United States. Among the password study’s most notable findings:

• More than 50 percent of workers surveyed reuse passwords for personal and corporate applications. On average, they only use three passwords for all of their logins.
• One in seven would sell their passwords to a third party, some for as little as $150.
• Of those surveyed, 20 percent share their passwords with fellow employees.
• One in five respondents have fallen victim to a high-profile data breach.
• Despite their actions in the workplace, 20 percent of respondents would stop doing business with a company that placed their data at risk.

“Employees may have moved away from the post-it note password list, but using the same password across personal and work applications exposes the company,” said Kevin Cunningham, president and founder of SailPoint. “Just think of the major breaches that occurred in 2014 requiring users to change their passwords on social media. If those were the same passwords being used to access mission-critical applications, it’s very easy for hacking organizations to take advantage and get into more valuable areas.”

Steps to Improve Password Protection

Many employees use a number of passwords on a daily basis, and it can be tempting to create one login that works across the board. Unfortunately, hackers are aware of this vulnerability and are increasingly using passwords from soft targets like social media to gain access to sensitive corporate data. To address these data security risks, there are steps that businesses can take:

• Implement and enforce a policy that prohibits reusing corporate passwords on third-party sites.
• Train employees regarding the risk of password reuse and how to safeguard their corporate credentials.
• Require employees to change their corporate credentials every 90 days.
• Immediately remove old passwords so that former employees cannot access your systems.
• Install password management software and other tools that regulate/automate the use of corporate passwords.

The SailPoint study should certainly be eye opening for employers. The bottom-line — if you don’t already have strong password policies in place, you could be exposing your company to significant liability.

Do you have any feedback, thoughts, reactions or comments concerning this topic? Feel free to leave a comment below and follow the twitter accounts @CyberPinguelo and@eWHW_Blog. If you have any questions about this post or would like assistance with your legal needs, please contact me or the Scarinci Hollenbeck attorney with whom you work. To learn more about data privacy and security, visit eWhiteHouse Watch – Where Technology, Politics, and Privacy Collide (http://ewhwblog.com).