Nearly 50% of employees in the US are unaware of password management policies

Results from a recent survey conducted by OneLogin show that staff don’t pay much attention when it comes to user access and information security. As a matter of fact, 13% of the 1,022 employees surveyed were willing to let their colleagues use a device that could access their company’s network. More worryingly, 10% allow their partners and even children to use the device.

Sharing passwords shouldn’t be the normal procedure

When asked about password-sharing, 20% of respondents admitted sharing their work email passwords and a further 12% share passwords for different work applications. Knowing this, it shouldn’t be surprising that nearly half of all employees are unaware of their company’s policies about password sharing and user access. This communication gap is clearly detrimental to the company’s security.

More than half of companies reported security incidents caused by employees

As reported in Managing Insider Risk through Training & Culture, 55% of organizations had a security incident maliciously or inadvertently caused by their employees last year. “Security breaches are a near-daily occurrence in the news,” said Alvaro Hoyos, Chief Information Security Officer at OneLogin. “Given that it takes only one compromised account to lead to a breach, these lax security practices are troubling.”

Mitigate the insider threat

To get to the root of the problem, here is a selection of tools and resources that can help any company mitigate and reduce the risk posed by insider threats:

  • Adopt a bring your own device (BYOD) policy – give your employees clear rules and procedures for using their own devices for business. The BYOD Policy Template Toolkit contains customizable policy templates and implementation guidance to help structure and manage the BYOD policy in any organization.
  • Implement access controls and administrative privilege management – restrict access to the most sensitive information to employees who need to access it to perform their daily tasks and no one else. You should also limit special access privileges, such as administrative accounts, to a restricted number of your staff only. This is one of the five requirements mandated by Cyber Essentials, a UK Government-backed scheme to help companies improve their cyber security posture.
